The WannaCry ransomware virus has been all over the news lately, affecting many healthcare providers, organizations and institutions. New versions and variations of the ransomware appear every two to three days. What is your dental practice doing to stay protected and HIPAA compliant as the ransomware continues to spread? Do you have a risk management plan in place to help your practice take control and handle the situation should an incident occur?
Malicious computer programs have been around since 1971. What are the differences between malware, virus, phishing and ransomware?
The WannaCry ransomware infects a computer by encrypting all the data, including shared drives from the server if there are no administrator protocol settings to disable installation of executable files. Once data files are encrypted, a ransom note is displayed with information on how to make payment in order to receive the key for unlocking and decrypting the files.
Once a computer is infected with a ransomware virus, it will start encrypting files on the local computer and then spread to the entire network. If you open a malware file on a local computer, shut down or unplug your computer to stop the program from spreading to other computer systems on your network. It is best practice to have group policies in place. A group policy can be applied to all computers on the network to help block ransomware and other malware from installing on your server. It is also important to limit user access to the network shared drives and folders.
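One way to check the shared-drive advice above on a Windows file server, as an added example that is not part of the original post: the script lists SMB shares that grant write access to broad groups. The list of groups treated as too broad is an assumption and should be adjusted to your own network (for example, by adding your domain's "Domain Users" group).

```powershell
# Added example: audit SMB share permissions for broad write access.
# Run in an elevated PowerShell session on the file server (SmbShare module).

# Assumption: these principals are considered "too broad" for write access.
$broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Share rights that allow files to be modified, and therefore encrypted,
# by any program running under a matching account.
$writeRights = @('Full', 'Change')

$findings = foreach ($share in Get-SmbShare -Special $false) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        $isAllow  = "$($ace.AccessControlType)" -eq 'Allow'
        $isBroad  = $broadPrincipals -contains $ace.AccountName
        $canWrite = $writeRights -contains "$($ace.AccessRight)"

        if ($isAllow -and $isBroad -and $canWrite) {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $ace.AccountName
                Right   = $ace.AccessRight
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Share, Account | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) share permission(s) grant write access to a broad group."
} else {
    Write-Output 'No shares grant Change or Full access to the broad groups checked.'
}
```

Share permissions are only one layer: effective access is the more restrictive of the share permission and the NTFS permissions on the folder, so review both before changing anything.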
Did you know that if a practice experiences a ransomware attack in which patient health information (PHI) files are encrypted, it is considered a data breach as the files have been compromised and disclosed to an unauthorized individual? Under the HIPAA Privacy Rule, a ransomware attack could be considered a security incident which must be reported to the U.S. Department of Health & Human Services.
Example of a ransom note once your files have been encrypted
5 Important Things to Know Regarding Ransomware and HIPAA Compliance for Dental Practices:
The only way to stop ransomware from continuing to run is to turn off the power to the computer. An IT specialist or company will be able to help by taking out the hard drive, scanning it, and removing the malware. It is important to note that turning off the computer will only stop the malware program from running. Once you turn it back on, the ransomware virus will continue to execute and encrypt your files.