Ransomware: A Frustrating Loss of Your Data or a HIPAA breach?

by Jill Shue, FAADOM

Many practices faced a ransomware attack in September after a security breach within PercSoft, a Wisconsin-based dental IT company. Many were left with no data for days or longer, which resulted in a major financial loss as well as the stress of not knowing whether patient data remained secure.

One thing many asked was, “Is this a HIPAA breach?” Health & Human Services has a clear stance on this concern: ransomware is a security breach.

Ransomware is essentially blackmail: hackers encrypt your data and hold it until you pay the requested amount. If you do not pay, the amount continues to increase until the hackers delete your data permanently.

Talk with your IT company about what steps they are taking to help you protect your patient data and your practice. Your IT company should be educating you and aiding in your compliance. Your IT company will assist you with:

· Secure Backup
· Firewall Installed
· Antivirus Software Installed
· Two-Factor Authentication Turned On
· Computer and Windows Updates
· Cyber Liability Insurance
· Business Associate Agreements with Anyone Who Accesses Your Patient Data

In addition to the actions above, schedule your HIPAA compliance training to ensure your team is updated on the latest HIPAA standards and requirements.