
How many of you practice owners have considered what effect it would have on your business if you suddenly had to shut down for a couple of weeks to deal with a ransomware attack?
An April 22, 2023, cyberattack on a Tennessee clinic forced it to completely shut down operations for approximately two weeks to contain an attack and restore its IT systems.
It’s common for healthcare organizations to perform an emergency shutdown of the network to contain a cyberattack and limit the harm caused, and to operate under emergency procedures with staff recording patient information manually while systems are out of action.
This was the case here: the network was rapidly shut down to contain the attack, and third-party cybersecurity experts were engaged to assist with the investigation and recovery from the attack. The clinic has also been working with law enforcement to investigate the incident.
While those processes were completed, the decision was made to close all operations. Fortunately, the quick action taken in response to the security breach limited the damage, and work has continued round-the-clock to safely bring systems back online and enhance security controls.
The clinic planned to reopen on a limited basis on May 3, 2023, and restore full operations shortly thereafter; however, the recovery process took longer than planned. On May 5, 2023, all procedures were canceled, and the clinic remained closed, although phone lines were restored.
On Monday, May 8, 2023, some scheduled appointments went ahead as planned, though operations remained limited.
A Similar Case in Texas
In 2019, a single-location practice in North Texas had to pause operations due to two separate ransomware attacks that occurred over a two-month period. Each caused the practice to shut down for over a week.
The bad news is the practice lost over two weeks’ worth of production and immeasurable patient goodwill. The good news is that the business had an excellent set of office procedures in place, including full-system backups performed each evening. With the backups, the practice was able to completely restore their system in both instances.
In each occurrence, the practice either wiped their hardware clean or replaced the hardware and restored from their backups. It “only” had to recreate the data for the patients seen on the days the attacks occurred. Sounds like a simple but time-consuming solution, right? Yes and no. Would you want to have your practice experience this not once, but twice? Sitting here reading this, how confident are you that your practice is equipped to deal with a ransomware attack?