Articles | April 30, 2016

What will a malware breach cost a physician practice?

Editor’s Note: Welcome to Medical Economics' blog section, which features contributions from members of the medical community. These blogs are an opportunity for bloggers to engage with readers about a topic that is top of mind, whether it is practice management, experiences with patients, the industry, medicine in general, or healthcare reform. The series continues with this blog by Carol Gibbons, RN, BSN, NHA, who is CEO of CJ Consulting, which specializes in healthcare revenue cycle management. The views expressed in these blogs are those of their respective contributors and do not represent the views of Medical Economics or UBM Medica.

 

If you think that you have not had a data breach in your business, you are an ostrich with your head in the sand. If you have multiple computers in your office and you allow your employees to access their personal email, I can guarantee that you have malware and viruses on some of your computers that your antivirus software is not catching.

 

 

The biggest recent news has been about ransomware, malware that encrypts the data on computers and holds it hostage.

The ransomware known as CryptoLocker has been very effective in generating ransom payments. According to an article by Jim Flynne of Carbonite, thieves are estimated to have collected more than $30 million in a three-month period in late 2013.

To pay or not to pay, that is the question

The latest question is whether to pay the ransom or not. If you have been keeping up with healthcare IT news, you know that some hospitals have paid the ransom and some have not. There is no right or wrong answer to that question. However, with a number of large businesses paying ransom for their data, it is clear that the perpetrators of this theft are getting more brazen and attacking more businesses.

 

 

So if you pay to get your data back, how can you be sure that the perpetrators did not leave a back door into your system so they can come back for another fee? And unless an IT professional goes through your computers to see how they got in and what they may have downloaded, you do not know how much data they took.
