Stay Protected and HIPAA Compliant from Ransomware

How to Stay Protected and HIPAA Compliant from WannaCRry Ransomware?

WannaCry ransomware virus has been all over the news lately, affecting many healthcare providers, organizations and institutions. There are new versions and variations of the ransomware every two to three days. What is your dental practice doing to stay protected and HIPAA compliant as the ransomware continues to spread? Do you have a risk management plan in place to help your practice take control and handle the situation should an incident occurs?

Malicious computer programs have been around since 1971. What are the differences between malware, virus, phishing and ransomware?

• Malware – The word malware covers all malicious software, including viruses, worms, trojans, etc.
• Virus – A virus is a type of malware that corrupts a computer system or destroys data on a computer, and it is capable of replicating itself to spread from computer to computer.
• Phishing – Phishing is a method to get confidential and sensitive information from a person, such as social security number, passwords and credit card information. Tip: Before clicking on a link from your email, use your mouse to move over the link to see what URL is hyperlinked. If it does not match the URL from the organization that sent the email, it is most likely a phishing scam.
• Ransomware – Ransomware is a type of malware that encrypts the data on a computer and locking the user from access to the data until a ransom is paid in order to receive a decryption key.

The WannaCry ransomware infects a computer by encrypting all the data, including shared drives from the server if there is no administrator protocol settings to disable installation of executable file. Once data files are encrypted, a ransom note is displayed with information on how to make payment in order to receive the key for unlocking and decrypting the files.

Once a computer is infected with a ransomware virus, it will start encrypting files on the local computer and then spread to the entire network. If you open a malware file on a local computer, shut down or unplug your computer to stop the program from spreading to other computer systems on your network. It is best practice to have group policies in place. A group policy can be applied to all computers on the network to help block ransomware and other malware from installing on your server. It is also important to limit user access to the network shared drives and folders.

Did you know that if a practice experiences a ransomware attack in which patient health information (PHI) files are encrypted, it is considered a data breach as the files have been compromised and disclosed to an unauthorized individual? Under the HIPAA Privacy Rule, a ransomware attack could be considered a security incident which must be reported to the U.S. Department of Health & Human Services.

Example of a ransom note once your files have been encrypted

5 Important Things to Know Regarding Ransomware and HIPAA Compliance for Dental Practices: 

1. Conduct a risk analysis on possible threats and vulnerabilities to your system
2. Implement procedures to guard against and detect malicious software
3. Consider access control to limit the access to ePHI
4. Back up your data files on the server and local computers
5. Perform a risk assessment identifying at least the following four factors:
   • the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification,
   • the unauthorized person who used the PHI or to whom the disclosure was made,
   • whether the PHI was actually acquired or viewed, and
   • the extent to which the risk to the PHI has been mitigated.

The only way to stop a ransomware from continuing to run is to turn off the power to the computer. An IT specialist or company will be able to help by taking out the hard drive, scanning it, and removing the malware. It is important to note that turning off the computer will only stop the malware program from running. Once you turn it back on, the ransomware virus will continue to execute and encrypt your files.

Click on the button below to schedule a web demo with us today to learn about our online patient forms, secure messaging, document library, software integration, and secure patient referrals system. Ask about our easy to use integration tool for the following practice management software: Dentrix, Dexis, Eaglesoft, Kodak Dental Imaging, OrthoTrac, Schick, SoftDent, and WinOMS that can help transform your workflow and improve practice efficiency.