The Doctors Company, a physician-owned malpractice insurer, recently posted an article on so-called “ransomware” attacks on healthcare providers. Ransomware is a software virus that infects your computer network by encrypting all of your data so that it cannot be accessed without typing in the encryption key which the ransomware attacker will provide for a price.
I have a lawyer colleague whose law firm was the victim of a ransomware attack. Fortunately, the firm did frequent backups and all the data could be restored without having to pay the ransom. However, there was great disruption to the office, work essentially stopped, and everything has not quite been the same since the data was restored.
The Doctors Company’s article says that ransomware victims only have three options – restore the data (but that requires frequent backups), pay the ransom, or lose the data. For most organizations, especially those in healthcare, choosing to lose the data is not a viable option.
Victims face the loss of business, inconvenience to patients/clients/customers, damage to reputation, and potential liability if needed data is not available and a patient or client or customer is adversely affected.
Prevention, vigilance, and employee education are all critical to responding effectively to a ransomware attack.