• Skip to main content
  • Skip to primary sidebar
  • Home
  • Topics
    • Administrating Excellence
    • Building the Office
    • COVID-19
    • Growing the Practice
    • Leading the Team
    • Making the Clinic Work
    • Medical Students/Residents
    • Using Health IT
  • Allscripts EHR Training Videos
  • Podcast
  • Resources
    • Case Studies
    • Checklists
    • Infographics
    • White Papers
  • Member Area
  • Member Login
  • Register

SBGM

Knowledge to Transform Your Medical Practice

My Practice will Never be Hit by Ransomware

By Paul Cox

What do i do if my medical practice is hit with ransomware

One of the biggest mistakes physicians and practice managers can make is to assume they will not be a target of cyberattacks. Unfortunately, this is absolutely untrue. Recently, a two-physician practice in West Michigan was the victim of a ransomware attack. The practice lost access to all medical records, billing, scheduling, and other critical data after ransomware attackers encrypted all data on their computers and network. The attackers demanded $6,500 for a decryption key to unlock all the data on the practice’s computers. Instead of paying, the physicians decided to retire so they wouldn’t have to deal with it. All of their records were permanently lost. All of their patients had to find new physicians without access to any of their medical history. Cyberattacks not only affect the practice’s business operations–they affect patients too.

What Is Ransomware?

Ransomware is a type of computer virus that infects and encrypts all data on a network. Users lose the ability to access anything on the network. For a physician practice, this means no access to patient medical records, billing, financial records, insurance verification, scheduling, and more. Ransomware attackers typically extort money by displaying an on-screen alert stating the user’s systems have been locked or the files have been encrypted. The user is informed that unless a ransom is paid, access will not be restored. Ransomware is usually spread by phishing attacks or click-jacking (when a user is tricked into clicking on something that looks useful but takes them to the criminals’ sites). For more information on ransomware, watch the youtube video below.

What Makes Medical Practices a Target?

With the passage of the Patient Protection and Affordable Care Act (PPACA) in 2012, all public and private healthcare providers were required to adopt electronic health records (EHRs). Although the intentions of this were good, a drawback is that health care providers become dependent on computers as part of everyday operations. To be fair, it wasn’t just the passage of the PPACA—our society has grown highly dependent on computers for everything we do, both personal and business, making computer systems prime targets. Not being able to use your computers coupled with not having access to all your data is a devastating scenario for any business. Cyber hackers know this all too well and ransomware is among their best weapons.

The cyber attackers in the West Michigan attack demanded $6,500, and although this may be a relatively small amount for a professional business, there are other financial and legal issues to consider. Even if the practice agreed to pay the $6,500, they would still have had to hire highly specialized forensic IT professionals to ensure no trace of the virus remained. In some cases, computer systems would need to be completely rebuilt. Revenue will be lost from even a day of not being able to see patients. Then there are the legal costs. Are there HIPAA violations? Do the attackers have a copy of all the data that was on the system? Will patients sue the practice for not being treated? The cost implications could easily add up to over $100,000—staggering for a small business.

How to Avoid Being Victim to Ransomware

Although the impact of ransomware can be devasting, there are actions medical practices can take to protect themselves.

  • Backup all data routinely and have a recovery plan for all critical information. Perform and test regular backups to limit the effect of data or system loss and expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from your network for optimal protection.
  • Keep operating systems and software up to date with the latest patches. Outdated applications and operating systems become vulnerable and are the targets of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the internet prior to executing.
  • Restrict users’ abilities (permissions) to install and run software applications, applying the principle of least privilege required to all systems and services. Restricting privileges to users and machines that truly require them limits the likelihood that malware will be installed and can limit its ability to spread through your network.
  • Avoid enabling macros from email attachments. If a user opens a malware attachment and enables macros, embedded code will execute the malware on the machine.
  • Do not follow Web links in unsolicited emails. 

To learn more about Cybersecurity and Using Health Care IT, join us on  Facebook, Twitter, and LinkedIn. 

Cybersecurity Guide Available to Members of Smart Business Great Medicine.

Print Friendly, PDF & Email
Share the knowledge to transform your practice

Filed Under: Using Health IT, Latest Articles Tagged With: Administering Excellence, Cybersecurity, Practice Manager, Using Health Care IT

Primary Sidebar

Tags

Accounting for Physicians Administering Excellence Administrative Excellence Building the Office Building the Practice Burnout Clinical Trials Compensation COVID-19 Cybersecurity Electronic Health Records embezzlement Emotional Intelligence Finance Growing the Practice health care accounting Health Care Practice Dynamics Health IT Human Resources Improving Outcomes Leading the Team Making Medicine Fun Again Making the Clinic Work Medical Appointment Scheduling medical practice accounting medical practice banking Medical Practice Embezzlement Medical Practice Expenses Medical Practice Finances Medical Practice Revenue Medical Schools Medical Students Patient Education Patient Engagement Phone Tree Practice Manager Prior Authorization Residency Scheduling Scheduling Software Staff Engagement Taxes Using Health Care IT Voice Assistants Voice Technology
JNP Enterprises © 2025 ·
This site uses technologies such as cookies to provide a better user experience by personalizing content and ads, analysing web traffic, trends, and improving site operations. we may share information about your use of the site with third parties in accordance with our Privacy Policy. By continuing to use this site, you agree that we can save cookies on your device, unless you have disabled them. You can change your cookie settings at any time by visiting our Cookie Policy, but parts of our site may not function correctly without them.OkPrivacy policy