A Texas dental practice was recently forced to shut down twice—for several days each time—because of ransomware attacks. Though the origin of the attacks was not definitively determined, ransomware is typically delivered through phishing emails that contain a link that’s clicked on.
Whatever the method of delivery was, the attacks were devastating. The first one kept the practice shut down for a week. The second attack, which came the following week, shut down the practice for approximately two days.
What Can Help You Prevent or Recover From an Attack?
Here are the most important keys to helping prevent a ransomware attack, or recovering from one.
Up-to-date computer backups
Without a recent full system backup of your computer system, your options for dealing with a ransomware attack are few. You are at the mercy of whoever perpetrated the attack. But if you have an up-to-date backup of your computer system, you can do a full system restore, and bring your system back to a point before the attack.
While a cloud-based option for backups is very convenient, having a full system backup on a portable hard drive stored in a safe location can save you a lot of time, should a full system restore prove necessary. Performing a full system restore from a cloud-based backup can be a very lengthy (i.e. days-long) process.
The old proverb “An ounce of prevention is worth a pound of cure” certainly holds true here. Preventing a ransomware attack, as opposed to dealing with one (even with a current backup) is certainly preferable. (If you had to shut down your practice unexpectedly for a week and a half, what effect would this have on your practice?) In this case, training is the “ounce of prevention.”
Training your staff on what phishing attacks look like helps you prevent attacks. Additionally, a trained and fully-informed staff is a practice’s first line of defense in protecting its patient PHI.
TDA Perks partner, Smart Training, recently released an HB300 2018 training module
that reviews HB300 and HIPAA regulations—and how they apply to dental practices in Texas; as well as addresses the myriad new ways practices can get in related trouble through data breaches, ransomware attacks, phishing attacks, and social media. If you have questions about this training, or how your practice stacks up in protecting your patients’ PHI, you can contact Smart Training