Does Your Patient Care Team Include a Cyber Security Expert?
According to a December 2022 article in JAMA, a recent study found the annual number of ransomware attacks on health care delivery organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million patients.
During a recent interview, an Asgard Cyber Security expert relays a story he has seen many times and shares how he and his team were able to come to the rescue.
Q: When you initially met with Dr. Kerry Head and his Office Manager, were they surprised they had fallen victim to a ransomware attack?
ACE: Unfortunately, they were completely surprised. They had engaged an IT Outsourcing company that, among other services, installed anti-virus software on their office computers and made routine back-ups to their patient data. So, they assumed they were not vulnerable to such an attack.
In spite of doing everything right, Dr. Head and his staff came into the office one day and saw an image like this on every computer screen. It was a sobering moment. They quickly learned all their data was being held for ransom.
The backups of the data were not available and the hackers were demanding $3,500.
The total outlay of dollars by Dr. Head and his staff including the attorney fees was in excess of $75,000. Not to mention the disruption to his business, which was substantial. “A month of no patient schedule access, not knowing who was going to show up each day,” said Stacie W, Dr. Head’s office manager. “It was a disaster. The effort and embarrassment of potentially having to notify all our patients of the breach was devastating.”
Thankfully, Dr. Head had Cyber Security insurance, but his premiums have now increased substantially. In fact, in some regions of the country, it is impossible or prohibitively expensive to get Cyber Security insurance at all.
It was after experiencing this terrible incident that Dr. Head began working with us at Asgard. “Dr. Head felt comfortable with our team after our very first meeting. And better still, what he really liked was our software, Asgard Ransomware Data Protector. With our software in place, he knows he won’t have to relive that kind of disruption, cost, and headache again.”
Asgard went on to do system penetration testing for Dr. Head, which is a simulation of a potential attack, that helped our team find and document vulnerabilities the doctor and his staff hadn’t even considered. Recognizing that his staff was a possible weakness in his cyber protection, Dr. Head also engaged Asgard to train his staff and conduct simulated phishing attacks (emails and texts designed to get users to click on links which open up malware that attacks your systems and data).
Q: What advice would you give to other healthcare providers?
ACE: Well, I guess a couple of things….one is, even the best IT Outsourcing firms are not necessarily cyber security experts. They are very effective in doing what they do and Asgard does not replace those service providers. It’s kind of like when your family doctor sends you to a specialist for a particular, complex health issue. Some things just require more than a generalist can provide.
I would also say, what you don’t know CAN hurt you. If anyone reading this would like to get peace of mind to know they are really protected in today’s ever-changing cyber security threat landscape, give us a call for a free assessment of risks in your business. It could save you a lot of future headaches and money.
To schedule some time with one of our experts, call 918-939-9343 or email at firstname.lastname@example.org.