Guidance on Ransom-ware Attacks

Top 10 List to Protecting Yourself from Ransomware

In July 2016, the Department of Health and Human Services Office of Civil Rights issued guidance intended to help healthcare entities understand and respond to ransom-ware attacks.

Ransom-ware is a type of malware that denies users access to their electronic data by encrypting the data with a “key” known only to the perpetrating hacker. After the malware is deployed, the hacker demands that the user pay a ransom (often the request is made in cryptocurrency, such as Bitcoin, to preserve the hacker’s anonymity) to obtain the key and decrypt the data. However, there is no guarantee that the hacker will provide the necessary key once the ransom is paid.

According to the report issued, there have been 4,000 daily ransom-ware attacks since early 2016 (a 300% increase over the 1,000 daily ransom-ware attacks reported in 2015).  Doesn’t that seem incredible? Why would these people target businesses such as yours?  Here are some thoughts:

  • They know it’s where the money is
  • They know that they can cause some major business disruption, which will put you in a very vulnerable position
  • Because through the business their dirty deeds reach a more extensive system – networks of computers, and cloud-based systems may be impacted
  • Because small businesses, especially healthcare providers, are often not well prepared to deal with these types of cyber attacks

After reading the HHS report, I set out to build a checklist that would help prevent this from happening to me and you, my client.  Here is my “Top 10 List to Protecting Yourself from Ransom-ware”:

  1. Back up your data and make sure the backup works! Having a couple of backups may even be a good idea – using an external drive that is removed from your office and using a cloud-based back-up system. Side-note: Whatever backup system you may use for Protected Patient Information, be sure it is HIPAA compliant and that it follows the security management process described in your policies.
  2. Keep your computer operating system up to date.  New updates are issued often that contain fixes to security issues.  The same is true for the software you use – check for updates often.
  3. Use extreme caution when you are on-line and using the Internet.  Know your sites and stay away from any pop-up ad campaigns.
  4. Never open spam mail or mail from unknown senders.  If the subject line of the e-mail I receive is empty, or, if the e-mail looks even somewhat suspicious, it gets the “shift-delete” treatment.  It doesn’t even get a chance to reside in my trash bin.
  5. Use caution when downloading files, opening files, or clicking on hyperlinks – know your sources!  If you ever do open a suspicious file by mistake, shut off your Internet connection.
  6. Have security software installed and keep your subscription up to date. One of the best ways to protect against a virus is to have defenses in place to ensure you never receive any in the first place.
  7. Keep your system locked down when you are not using it and never share your password with another user.  And, I hate to say it – don’t keep your password on a sticky note placed on your computer (yes, I see this frequently).
  8. Keep your employees’ privileges locked down on your network. Make it difficult for them to do their on-line shopping or visit unknown websites or social media sites on your business computer.
  9. Don’t let your children or grandchildren on your computer – I’m serious! Over the years I have tried to fix more computer problems as a result of kids’ games and files they download. Give them their own gaming or computer system and keep them off your computer.
  10. Don’t pay the ransom. Even if we follow the above checklist, it’s possible we could find ourselves subject to a cyber-criminal.  Paying the criminal only puts you in a position of being a repeat customer.

Computers have become an integral part of the way in which we do business today. I find myself being in a love-hate relationship. I love the efficiencies and conveniences they provide. I hate the damage they can cause to relationships, work / family time, and our pocket-book. I’m probably not going to eliminate technology from my life any time soon. In fact, my use will likely only increase with time – so, I guess it just makes sense to be smart in the way in which we use them. Hopefully, this checklist will help us both in making life with them just a little better and a little safer.

If you are interested in receiving a copy of the HHS report,  go to http://mikeldevries.com/HHSReport for a pdf copy.

Mike DeVries is a CERTIFIED FINANCIAL PLANNER ™, Enrolled Agent,  and a Certified Healthcare Business Consultant focusing on helping healthcare professionals. If you would like to learn more about becoming a client, contact Mike at www.vmde.com.

Bake My Day – A Recipe for Patient Satisfaction

The Secret Sauce for Marketing a Doctor's Services

He called on Mother’s Day.  “May I speak to her?”, he asked.  My jaw dropped as I listened to my fifteen-year-old daughter, who was recovering from ACL knee surgery, talk with her Orthopedic Surgeon.  He was calling just to see how she was feeling. Even though my wife provided our daughter’s current status and answered all his questions, he wanted to take a minute to talk with the patient for whom he cared. It was awesome that Dr. Steward called to check in with his patient. One might even expect such a call.  But, when he ended the conversation with my wife asking – “May I speak to her?” – he just created an awesome experience – patient satisfaction for both the patient and her parents.  It was as if he put extra sprinkles on a baked cake…marketing at its finest.

Build an Exceptional Team – Start with Position Descriptions

Free Position Description Templates

Having clearly defined Position Descriptions is the first step in the process of building the right team for your office. I often receive questions from clients related to staffing issues in their office. And, I often answer their question with a question – What do your position descriptions say?

Position Description

Assess & Measure Your Hygiene Department [Podcast]

Hygiene Practice

Episode 012

Doctors Business Management Show

If you Like the Show, Encourage Us with Your Support

Focus

Are you maximizing your Hygiene Practice? Productive, Profitable Dental Practices always have a productive hygiene department.

Your Dental Hygienist is an important member of  your team in assisting your patients with their oral care.  Under the new government health reform, which includes mandatory oral health benefits for children and young adults up to 21 years old, the role of your hygienist will continue to evolve and expand.  In addition to the role of your Hygienist and the work they do for your patients, the business aspects of this segment of your business are also very important to the overall profitability and success of your practice.  In this episode, Mike and team members, Mary Millar, RDH, BS, and Ben Lane CPA, JD discuss Measuring Key Hygiene Department Business Components to improve the bottom line of your Dental Practice.

What's good for Your Patient, is good for Your Practice. - Michael L. DeVries, CFP®, CHBC, EA

 

Providing Staff Evaluations for Your Office Staff

Any conscientious healthcare business practitioner for various reasons can easily overlook evaluating office staff. Two basic reasons are: one, it is extra work; and second, many doctors simply believe that all is working well in their offices and do not want to “rock the boat”.  Yet, it is very important for you to know that your office is operating as efficiently as it can, and with a well-planned, routinely conducted staff evaluation program, you can achieve several advantages.

Accurately Evaluating Your Office Staff

Don’t be Fooled by Fake IRS Communications

5 things you should know about phishing scams

Be aware that fraudsters are trying everything they can to obtain your personal or business financial information. I received a call from a doctor client who indicated that she received an e-mail from the IRS stating that they were due a refund for taxes paid. The e-mail looks legitimate, as it even indicates an official-looking reply-to address – office@irs.gov. The body of the email states the following:

Phishing Scam Warning Sign

Business Intelligence – Using Your Data to Manage Your Practice [Podcast]

Episode 011

Doctors Business Management Show

Focus

In this episode, Mike DeVries & his guest, Nate Moore, discuss Using Business Intelligence. Using data from your Medical Practice to Manage Your Business Better. The YouTube Video below is a video recording of the show in which you can see the example reports that were discussed during the show.

If you Like the Show, Encourage Us with Your Support

Review Your Interest Rates

4 things to check if you refinance your adjustable rate loan

Interest rates have been low over the past many years, which has been most advantageous for utilizing adjustable rate loans. Experts say that interest rates will be on the rise this year – an easy prediction given where rates are currently; how can you go wrong? A better prediction would encompass how quickly interest rates will rise. I figure why take a chance; why wait?

Interest Rates

Is your Medical or Dental Practice ready for EMV?

Be ready by October 1, 2015

October 1, 2015, all businesses that accept in-person credit card payments must be able to accept new EMV-compliant credit and debit cards, or risk being responsible for card fraud losses.

EMV Credit Cards