By Jack Anderson
April 5, 2019
ENT Practice closes their doors after hackers erased all patient records in retaliation for not getting paid the $6500 ransom they demanded.
The founding physicians decided to retire early rather than pay the ransom. $6500 does not seem like a lot to me and preserving the patient records would have been nice. Of course I don’t know all the circumstances but let’s take another look at ransomware.
Hacking into most small practices is certainly a lot easier than hacking a hospital system with a lot of safeguards built in to the system. Once the patient data has been locked up Health and Human Services (HHS) considers this a HIPAA breach, even if it is not proven that the patient records were accessed. In this case the EHR system had encrypted the files so they were probably not accessed.
Since the patient records were apparently not worth $6500 to the founders the hackers erased all the system’s files including patient information and appointment schedules. The medical practice plans to close on April 30 and the staff is providing referrals and answering questions. Not a job that I would relish.
So, check your firewall, say your prayers do your NIST CSF risk assessment and back up your data!