No matter how small or big your practice is, you need to be prepared for ransomware attacks.
With the increased number of ransomware attacks, physicians need to implement a plan to address the prevention, detection, and correction of these nefarious attacks.
Fundamentally, ransomware is "a type of malicious software designed to block access to a computer system until a sum of money is paid." Typically, two types of ransomware may be deployed: lockscreen or encryption. A lockscreen attack is identified by a message popping up on the computer screen, which prevents the user from either using the PC or accessing files. An encryption attack occurs when the files are encrypted and become inaccessible. Individuals who deploy ransomware are becoming more sophisticated both in the delivery of the malicious software and in the incubation period and altering of the data.
According to the FBI, "[i]n a ransomware attack, victims - upon seeing an e-mail addressed to them - will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software." One might consider these techniques to be "old school." While they are still effective, there are even more subtle ways that attackers can access data. According to FBI Cyber Division assistant director James Trainor, "[t]hese criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers." In sum, for providers, this poses a significant threat to patient care.
To combat ransomware attacks, physicians should adopt a strategy that includes prevention, detection, and corrective courses of action. The most fundamental prevention methods are adequate policies and procedures (e.g., back-up and business continuity plans) and training, as well as having competent IT staff or third-party providers who ensure that software patches and updates are applied.
For detection, training comes into play, as does pulling the plug on a PC to try to isolate the malware. Finally, corrective action includes contacting authorities, running audit reports, and implementing the back-up plan and data recovery. The size of the organization does not matter, so physicians should take precautions.