Ransomware: Questions and Answers

Publication
Article
Dental Products ReportDental Products Report July 2022
Volume 56
Issue 7

Ransomware is still a top security concern for practices. This Q&A guide will help ensure you’re protected.

vchalup / stock.adobe.com

vchalup / stock.adobe.com

Unless you’ve been living under a rock or on a remote island, you know that ransomware has become part of everyday life on this planet. Not a day goes by that there isn’t news of some major company or organization that has been a victim of an attack. With so much discussion about ransomware, we really should take a step back to understand what it is and why it matters.

What Exactly is Ransomware?

Ransomware is pretty much exactly what the name implies. It is a class of malware (viruses) that, once it attacks your computers, can lock your critical files and demand that a “ransom” be paid in order to receive the unlock key. The ransom can range from a few thousand to many millions of dollars; it’s often related to the size of the business being attacked and its ability to pay the ransom. As long as the files are locked, you are pretty much prevented from accessing any of them without a decryption key.

How Does My System Get Infected with Ransomware?

There are many ways your system can be infected. The most common is when you or a staff member clicks on an email that contains the ransomware virus. The email can be a link or an attachment. Some malicious websites have ransomware that can infect your systems just by visiting the site. Many other viruses are able to spread because of vulnerabilities in the Windows operating system.

Is this a Big Deal for Dental Offices?

In a word, yes! Forget for a moment that having your files locked would disrupt your day (or days) completely. According to a memo from the Office for Civil Rights from July 12, 2016, if you are hit with a ransomware virus, you must declare a breach. The Breach Notification Rule is quite clear: You have to notify all your patients in writing, notify the local news media, and have your practice listed on the Department of Health and Human Services Wall of Shame website. It would be devastating for any practice to have to do this.

Can I Protect Myself Against Ransomware?

Yes, absolutely. Good antimalware software is a must, but I would also suggest investing in ransomware-specific products like Intercept-X or HitmanPro. A newer technology, application whitelisting, prevents any unapproved software from running. You should have your systems updated on a regular basis; this is called patch management and is required by the Health Insurance Portability and Accountability Act (HIPAA). You also need to take time to educate yourself and your staff to recognize malicious emails and websites and learn what to avoid.

Should I Pay the Ransom if I Get Infected?

This is a tough question to answer. The offices we support all have encrypted backups, and in most cases, we can restore from a backup. Of course, steps would need to be taken to remove the virus from your network before doing this.

What if you don’t have a good backup? Well, your options are more limited in that case. In the vast majority of instances, paying the ransom will get you the unlock key. The criminals who do this realize that if they didn’t provide the keys, people would eventually stop paying. But we have seen a few cases where the money was paid and no key was provided or, if it was, it didn’t work to restore all the files.

Also be aware that you can’t send these people a check or pay with a credit card. They will require that you use a digital currency like Bitcoin, which is anonymous and difficult to trace back to an individual owner.

What Should I Do at this Point?

Review your security systems in place. HIPAA demands that you do a formal risk assessment and develop a management plan, and there’s no time like the present to start. Evaluate your firewalls, antimalware software, backup, and disaster recovery systems in place, as well as your system for patching your software. Protect yourself now before it’s too late!

Recent Videos
GNYDM24 Product Focus: Josh Gosnell, Vice President, Business Development at Adit, explains how cloud-based analytics and patient communication software can enable practices to run more efficiently.
GNYDM24 Product Focus: Michele Gabriel of DDSmatch stops by the DPR booth at the Javits Center in New York.
GNYDM24 Product Focus: Debra Engelhardt-Nash talks about how Weave's systems can help with increasing patient acceptance and with practices getting paid.
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
2024 Chicago Dental Society Midwinter Meeting – Interview with Peter Maroon, business development and sales lead at Spectrum Solutions® on the new salivary diagnostic test, SimplyPERIO.
GNYDM23 Product Focus: Henry Schein Maxima Turbo Class B Sterilizer with Dyan Jayjack
GNYDM23 Product Focus: Henry Schein Maxima PowerClean 210 with Dyan Jayjack
Related Content
© 2024 MJH Life Sciences

All rights reserved.