All Records Erased, Practice Closes Down after Healthcare Ransomware Attack

In the aftermath of a devastating healthcare ransomware attack, a practice in Battle Creek, Michigan has been forced to close its doors. It is one more example of the growing threat that ransomware poses to small individual and group practices in the United States.
Brookside ENT & Hearing Services was forced to close permanently after a ransomware incident resulted in the loss of all of its electronic health records. This is the first reported case of a healthcare practice closing in the wake of a ransomware attack.
With this example in mind, the average practitioner is likely to ask how to better understand ransomware attacks and how to protect their practice against them.

Understanding Healthcare Ransomware

Ransomware is a type of malware that infects a user's computer or network. Once a system is infected, the malicious software encrypts the data stored on it, and in practice every file it can reach from that system, including mapped network shares and attached drives. The attackers responsible then demand a ransom in exchange for the decryption key that restores access to the data.
Sometimes the ransomware presents the provider with a countdown: pay the ransom within the allotted time, or lose access to the protected health information (PHI) permanently. Paying carries no guarantee that the attackers will deliver a working key. PHI is individually identifiable health information: demographic and other information that identifies a patient and relates to their health condition, the care they received, or payment for that care. Common examples include a patient's name, address, email address, telephone number, Social Security number, medical records, and insurance ID numbers. Electronic PHI (ePHI) is PHI stored or transmitted in electronic form, such as the records maintained in an electronic health record system (EHR).

Preventing Healthcare Ransomware Attacks

In the case of Brookside ENT & Hearing Services, all of the practice's medical records, billing information, and appointment logs were permanently lost. That includes the on-site backups the practice maintained. Those backups were meant to protect the records, but on-site backups are often just as exposed as the original files: if the backup target is reachable and writable from the infected systems (a mapped share, an attached drive, or a backup server on the same network that the production hosts hold credentials for), the ransomware encrypts or deletes the backups along with the originals. The better defense is an off-site backup: a copy stored in a separate geographic location from the original files and, just as importantly, one that the production network cannot overwrite or delete.
Off-site backup means keeping a full copy of the data on other premises, which matters in the event of a natural disaster as much as in a ransomware incident. Brookside did carry out backup procedures, but stored the backups on site, and when the ransomware struck, the backup files were lost with everything else. Backups do not prevent a ransomware infection; they are what makes recovery possible without paying. For that to hold, at least one copy must be isolated from the production network (offline, or on storage that only accepts new versions and never allows existing ones to be overwritten), several generations must be retained so that a clean copy predates the infection, and restoration must be tested regularly, because a backup that has never been restored is an assumption rather than a safeguard. Brookside's measures clearly fell short of that standard, and of the HIPAA Security Rule, whose contingency plan requirements oblige covered entities to create and maintain retrievable exact copies of ePHI and to be able to restore them.
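As an added example (not code from the article, from Brookside, or from any backup product), the following Python script shows one check that turns "we have backups" into something verifiable: a manifest of SHA-256 hashes is taken at backup time and kept with the off-site copy, where production systems cannot write, and the backup set is later compared against it. Backup files that have been overwritten in place, renamed, or replaced with encrypted content show up as hash mismatches, missing entries, and unexpected high-entropy files. The directory layout, file names, and patient records are constructed for the demo, and the 7.0 bits-per-byte entropy threshold is an assumption suited to plain-text records.

```python
# Added example, not from the article: verify a backup set against a manifest
# kept where the production network cannot write (e.g. with the off-site copy).
import hashlib
import json
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: plain-text records sit well below 7 bits/byte; encrypted or
# random data approaches 8. Tune for binary formats (images, compressed files).
ENTROPY_THRESHOLD = 7.0


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given content (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_manifest(backup_dir: Path) -> dict:
    """Relative path -> SHA-256 for every file in the backup set.

    Taken at backup time and stored OFF the backup host, otherwise the same
    malware that rewrites the backups can rewrite the manifest to match."""
    return {
        str(p.relative_to(backup_dir)): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the current backup set with a trusted manifest.

    Findings: manifest entries missing from disk, entries whose hash changed,
    and files not in the manifest whose content looks encrypted."""
    findings = {"missing": [], "modified": [], "suspicious_new": []}
    present = {str(p.relative_to(backup_dir)): p
               for p in backup_dir.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        path = present.pop(rel, None)
        if path is None:
            findings["missing"].append(rel)
        elif sha256_file(path) != expected:
            findings["modified"].append(rel)
    # Anything left over was not in the manifest; flag it if it looks encrypted.
    for rel, path in present.items():
        if shannon_entropy(path.read_bytes()) > ENTROPY_THRESHOLD:
            findings["suspicious_new"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def demo(root: Path = None) -> dict:
    """Constructed scenario: a small backup set, a manifest, then a simulated
    ransomware run over the backup directory. Returns the verification findings."""
    if root is None:
        with tempfile.TemporaryDirectory() as tmp:
            return demo(Path(tmp))
    backup = root / "backup"
    backup.mkdir(parents=True)
    # Constructed, fictitious records; not real patient data.
    (backup / "patients.csv").write_text("id,name,dob\n1,Example Patient,1970-01-01\n")
    (backup / "appointments.csv").write_text("id,patient,date\n1,1,2019-03-01\n")
    (backup / "billing.csv").write_text("id,patient,amount\n1,1,120.00\n")

    manifest_path = root / "manifest.json"  # in practice: the off-site location
    manifest_path.write_text(json.dumps(build_manifest(backup)))

    # Simulated ransomware: one file encrypted in place, one renamed and encrypted.
    (backup / "patients.csv").write_bytes(os.urandom(4096))
    (backup / "appointments.csv").rename(backup / "appointments.csv.locked")
    (backup / "appointments.csv.locked").write_bytes(os.urandom(4096))

    return verify_backup(backup, json.loads(manifest_path.read_text()))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on the constructed scenario, the check reports patients.csv as modified, appointments.csv as missing, and appointments.csv.locked as a suspicious new file, while billing.csv passes. The same comparison, scheduled against each backup generation, is what tells a practice that its copies are still restorable before it needs them.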
Full-disk encryption is also recommended for computers that store ePHI. It encrypts the whole drive rather than individual files, so the data on a lost, stolen, or decommissioned device cannot be read without the key, and under HHS guidance a lost device whose drive was properly encrypted generally does not trigger breach notification. One caveat matters here: full-disk encryption does not stop ransomware. A running, logged-in system has its disk unlocked, and malware executing on it reads and writes files exactly as the user can. Treat full-disk encryption as protection against device loss, not against ransomware, and verify that it is actually turned on (for example, manage-bde -status on Windows with BitLocker, or fdesetup status on macOS with FileVault) rather than assuming the policy was applied.
Isolated off-site backups with tested restores, together with full-disk encryption on every device that holds ePHI, form the core of an effective HIPAA compliance program. Preventing data loss and defending against ransomware incidents should be a top priority for healthcare providers across the country, regardless of their specialty.