Ransomware attacks have affected several practices over the last couple of months. Computer infections affect all users and patient care as well. Infection of a workstation is an inconvenience. Your computer is unavailable for several days while it is rebuilt. You lose pictures and documents that are not saved anywhere else. If there are not proper security measures in place, this infection can spread to other workstations, or even your servers. A server was recently compromised, and all data on the drives encrypted.
During an attack, patient data may be compromised. If your servers are involved, your access to eClinicalWorks is suspended, and the data may become locked forever. You may have a choice to pay the ransomware developers, and if you do, they may provide details to unlock your information. But there is no guarantee.
A practice recently affected by ransomware had a $3,500 ransom demand. They chose not to pay, instead reverting to a backup taken from the night before. In this case, the backup was effective, and no data was lost. That said, the practice was without eClinicalWorks for several days while the server was rebuilt, and security remediation was put into place. In the weeks following the attack, interfaces and exchanges were interrupted as the security measures were modified. Yet the situation could have been much worse.
Every computer user is on the front-line of information security. One of the best ways hackers have of getting into a computer network is to get a user to click on a website or open an email attachment. Users of all IT experience are targeted, and the attacks are getting more complex. An attacker can make an email look like it’s coming from a trusted vendor or friend. If you’re not certain of what you’re opening, don’t open it. Call Information Services to assist, or call the person who sent the email to verify. The small steps you take if something doesn’t look quite right can make a big difference to the security of your network and data.
Information Services must also be vigilant. Building and testing backup and disaster recovery should be a regular occurrence. A practice’s tolerance for a system-down and budget, will determine the proper backup solution. There are many services and solutions for storing your data off-site. Be certain to use a reputable company and test your implementation regularly. Maintain anti-virus/anti-malware tools and keep all systems up-to-date.
We are happy to talk with you during the rollout and testing of your backup and recovery planning. Simply open a case and it will be routed to the technical services team, who will help with any questions you have about eClinicalWorks backup and recovery needs.