Category: HIPAA

Hip about HIPAA


Dr. Robertson, now retired, was my dentist. He ran a modern dental practice. It was both hip and fun. First, the fun: he always made me laugh. Sometimes, he had to stop the procedure because I was laughing so hard. He remembered details about my life, and so did his staff. Shannon, his dental hygienist, always encouraged my progress. How did they remember those details? Was it note taking, a great memory or a HIPAA compliant communications and patient relationship management system? I don’t know. But I always recommended Shannon and Dr. Robertson and his staff because they were excellent in all the ways that mattered. I left their office with a problem solved, a brighter smile and a lighter step. That’s the human “technology” of a great experience.


What’s hip is that they also used technology to set my appointments. The office sent emails to remind me of my upcoming appointments, and a few years later, based on my preference, switched to text reminders. Sometimes I got texts asking if I’d like an earlier appointment as they had an unexpected opening. And because Dr. Robertson knew I marketed cool technology he would ask me my thoughts about xyz software or technology tools he used. Thanks Dr. Robertson for being great.

Today the modern dental office uses digital patient relationship management (PRM) and HIPAA compliant communication platforms to help their practices run more efficiently.  These systems save money, help staff fill empty seats, send appointment reminders to patients and more. Doctors can make calls from anywhere to their staff on their smartphones to relay patient information. Office managers can automate messages, send funny and informative texts and capture ways patients best engage. But all those digital resources must meet security standards to protect sensitive patient health information.

Meeting those security standards and HIPAA compliance is not complicated. The best technology providers ensure their systems meet regulatory requirements. Janice Janssen, a member of the Academy of Dental Management Consultants (ADMC), offers the following recommendations in her article: Tips for staying ‘hip’ with HIPAA regulations for dental practices:

Create practice HIPAA compliance and security breach policies

Well thought out, written plans are needed to ensure that your practice stays in compliance. Your HIPAA compliance policy should clearly state the responsibilities of your office and each staff member in protecting your patients’ private health information. The policy should clearly outline how your office handles and remediates various kinds of security breaches.

Have a HIPAA privacy officer

The HIPAA Privacy Rule requires certain safeguards to best protect the privacy of your patients’ health information. One safeguard is giving someone the responsibility of overseeing and applying these rules. Large offices may want to hire someone to have this sole responsibility. If you have a small office with a limited budget, then you as the dentist or your office manager can assume this role. Whoever is assigned this job needs to be reliable and organized as well as fully trained on HIPAA laws.

Educate your staff on HIPAA laws

For your practice to stay HIPAA compliant, each employee must know what’s required of them to be compliant. Have your HIPAA privacy officer hold team trainings where employees sign a written agreement that states they’ve fulfilled the required training. Employees can help prevent HIPAA violations and keep the office compliant when they’re educated on what the HIPAA laws are and the consequences of being non-compliant.

Perform regular risk assessments

Security risk analysis is a critical part of maintaining HIPAA compliancy. This helps identify security vulnerabilities in your office and lets you know what actions you need to take to correct and prevent these security violations. Although you can perform these risk assessments on your own, oftentimes it’s more effective when performed by an outside expert, such as Janssen or with the help of HIPAA compliance software.

Use a HIPAA compliant communication system

Ask your technology vendor to provide a HIPAA compliance business associate certificate. If they don’t know what you are talking about, you probably want to try another technology solution with the HIPAA expertise to answer your questions.

RingRx is a phone and patient-staff communication system that’s built specifically for doctors, therapists and providers of health services. RingRx delivers the quality, the value and the simplicity you desire and the security and compliance you need. To learn more, visit our website at www.ringrx.com or call 1-888-980-6860 to speak with RingRx HIPAA compliance certified customer service managers.

 

An App for HIPAA Compliant Communications


Now There’s an App for HIPAA Compliant Communications 

Mobile devices like handheld tablets and smartphones with apps for HIPAA compliant communications allow doctors unparalleled flexibility.  But along with the convenience and new uses of photographic and data transmission of patient health information (PHI), every provider must be aware of the legal implications of using these technologies. Now, there’s an app for HIPAA Compliant Communications. Here’s why it’s important.

In an informative article from the Advisory Board, Stacy Cook of Barnes & Thornburg LLP discusses how doctors and therapists can maintain HIPAA compliance as the usage of mobile devices increases among staff and patients. “Mobile devices are not mere cell phones. People often forget that mobile devices are essentially handheld computers where one can easily access and transmit PHI.

For instance, mobile device users transmitting and receiving PHI via public Wi-Fi or email applications on mobile devices are using unsecure mobile networks. This puts PHI at risk of interception. Most mobile devices can take and store photographs, which can be a compliance concern if the pictures violate their privacy. Also, with any mobile device that is relatively small in size, providers must be concerned about misplacement and/or theft resulting in the unintended loss of PHI.

Mobile devices also pose unique storage challenges for providers. This is because individual users can dictate where information is stored. Cloud storage is popular among mobile device users, and users storing PHI in clouds may be putting the cloud provider at risk if a HIPAA business associate agreement is not signed.

To minimize PHI storage liability, most providers now require cloud storage capabilities to be turned off on company-issued mobile devices. However, the major challenge is still managing employees’ and business associates’ personal mobile devices.”

Use a HIPAA Compliant App for PHI Communications

Providers should know that the majority of health-related apps are not HIPAA compliant. Fitness-related apps do not need to be HIPAA compliant. But apps that deal with PHI and/or allow providers and patients to communicate with each other must meet the regulatory standard for HIPAA compliance. Ask for credentials and business agreement certifications. Ensure an app supports a HIPAA compliant phone and communication system. Best of all, a bundled communication system allows clinicians to choose from a variety of HIPAA-compliant mediums to safely discuss and/or share PHI. It needs to easily integrate with popular office software and EHR systems.

Risk Management Steps

“Providers should develop policies and procedures outlining mobile device usage standards,” states Cook.  “Policies should state whether or not personal mobile device usage is allowed and if so, the usage parameters should be clearly defined. Providers should also be clear as to which party is responsible for security and encrypting the mobile devices. Once mobile device policies are in place, providers should perform periodic audits to ensure that compliance is upheld.”

In Case of a Breach

Cook writes, “Under HIPAA, if the organization is a covered entity (CE) and a breach occurs, then each patient whose PHI was compromised needs to be notified.

Providers should have written policies and procedures in place. They should outline how to investigate a breach and actionable steps to prevent future breaches. Providers must report breaches involving 500 patients or more to the Office of Civil Rights (OCR) at the same time as the patient notifications. For breaches affecting under 500 individuals, providers can submit an annual report to OCR due February of the succeeding year.

Risks of HIPAA Non-compliance?

Under HIPAA, providers can face financial penalties for PHI breaches. The sanctions for enforcement cases range from $100-50,000 per violation with a cap of $1.5 million per calendar year.  Sometimes settlements in excess of this cap occur because the government determined that the violation occurred over a number of years.

A provider’s reputation can also diminish because in addition to reporting to patients and the OCR, CEs are required to report to the media in some situations.”

An App for HIPAA Compliant Communications

RingRx delivers a state-of-the-art HIPAA compliant communications system built specifically to help make doctors’ lives easier. And this includes an app for HIPAA compliant communications relayed on your smartphone. It’s convenient, secure and delivers high value.

To learn more about a HIPAA compliant system for doctors, dentists, therapists and clinicians, please visit www.RingRx.com.

RingRx: A Simpler, Better Communication System. One Platform. All Your Devices. HIPAA Compliant and MACRA Ready.

RingRx unifies all digital communication streams from your mobile device, business phone and fax—all into one easy to use dashboard. It simply increases efficiency, helps you improve flexibility, makes patient communications more meaningful with every interaction while reducing errors and cost.

To learn more, call our HIPAA compliance phone and communication system experts at 1-888-980-6860.

What’s VoIP and What’s Smart About a HIPAA Compliant Softphone Anyway?

RingRx HIPAA Compliant Phone System Now Offers an App or Softphone

With the huge growth of mobile and cloud connected telephony, you may have heard about the benefits of using #VOIP and a #softphone system vs. your traditional phone system. But what is VoIP, and what is a softphone anyway? What are the real benefits? How can using a softphone positively impact your business, cut costs, and unify and secure your communications? RingRx can help you get smart about a HIPAA compliant communication system, and now the company has launched an app, a softphone that meets your needs to make calls on the go.

What is VoIP? For you, the caller, a VoIP phone system works the same way as a traditional Public Exchange phone (PBX). But unlike your landline phone, VoIP phones cost less to use and also give you more functionality than a landline phone. According to the VoIP Report, “VoIP sends voice over the Internet just like any other data like emails or web browsing gets sent. The data uses ‘fire and forget’ technology. For example, once you dial the number on a VoIP phone, the ‘line’ does not stay open. The data packet containing the phone number gets transmitted and forgotten. The system converts the number into an IP address and moves it along the data stream along with all the other Internet transmissions. Hence, the VoIP line does not stay open. A traditional phone line, once the phone is dialed, remains connected. When the other person picks up the phone, the line stays open. The periods between words or sentences still require the line to remain open. With the Internet, if no one speaks then no data packet gets initiated and sent. You are not continually connected. Hence, VoIP is much more efficient at transmitting data or voice.”

In summary, VoIP is less costly, faster and better if it’s delivered to meet your standards for HIPAA compliance. Yes, that’s the catch for the medical and mobile health practices. We’ll talk more about that in a moment, but now on to the softphone.

A #softphone is a phone that lets you make calls over the internet from a computer or other smart phone device. It is software that acts as a phone interface, allowing you to dial phone numbers and carry out other phone related functions via your touchscreen or by using your mouse, keypad or keyboard on your laptop or desktop.


The softphone is used with VoIP…and is a dynamic and unified way to deliver voice information over the internet. For businesses, the savings are significant. For #doctors and #therapists, the system needs to meet regulatory compliance. 

For doctors on the go, especially those who travel abroad, a HIPAA compliant softphone allows you to conveniently make calls from your smartphones and laptops. It’s also well suited for small and medium size practices; you can cut costs by severing ties with expensive traditional phone companies. No hardware or upkeep. No IT required. But not all systems are alike. For #healthcare providers, doctors and therapists, your communications must be secure with standards that meet HIPAA compliance.

RingRx uses the latest voice, web, and mobile technologies to deliver a high-value, user-friendly service to reduce cost and errors and improve convenience. The RingRx VoIP and Softphone system is comprised of several specialized features that target specific pain points unique to physicians, nurses, medical office managers, therapists and their business associates. Presently, the RingRx platform includes a professional grade cloud-based phone system, a smartphone app that adds mobility and convenience, web-based faxing, and an automated on-call system. We provide a web-based user portal to manage the system and more to help you meet requirements for HIPAA and the HITECH Act. The RingRx team’s 20 years experience with traditional on-call solutions provides deep insight into distinct medical and therapist practice needs that cannot be detected by research alone. The RingRx solution – powered by state-of-the-art technology – meets real-world demands.

RingRx is the phone system to keep your data secure and meet regulatory mandates while lowering your phone system costs. Now that’s what’s smart about using the only HIPAA compliant softphone for doctors.

  • Unlimited Local + Long Distance
  • Custom Office Greetings
  • Centralized Message Storage
  • Send Voicemail to Email
  • Link Multiple Locations

To learn more and try it free, visit RingRx.com. Or contact me at 1-888-980-6860 to set up a call to talk about your specific office needs. We can help simplify your patient-staff communications, save you money on your phone system, increase efficiency and practice management and new this year…grow your business with messaging and more.

RingRx in the New Year with Simpler, Better HIPAA Compliant Patient Communications

Happy New Year. We at RingRx, makers of the premier HIPAA compliant phone system for doctors, have put together a quick checklist for you to help keep your practice HIPAA healthy while you manage more efficiently and grow and be more secure in 2017.

A Little HIPAA Primer

Changes to the Health Insurance Portability and Accountability Act (HIPAA) affect everything from how you secure your patients’ protected health information to the contracts you sign with vendors to what you need to tell patients about their privacy rights. The U.S. Department of Health and Human Services, which developed the regulations, says the updates are needed to account for the widespread use of electronic health records and other changes in health information technology that have occurred since HIPAA was enacted in 1996.


Compliance with the updated regulations requires you to do the following:

  • conduct a risk analysis to determine the vulnerability of electronic protected health information (PHI) to loss or theft, and document that you have done so;
  • encrypt patient PHI so that it can’t be used if it’s lost or stolen;
  • review policies and procedures for what to do if PHI is lost, stolen, or inappropriately disclosed;
  • review contracts with vendors and other “business associates” that have access to PHI to ensure that the vendors have proper safeguards in place to secure patient PHI.

RingRx can help. We develop the HIPAA compliant technology for your patient communications: on the phone in the office, via mobile when you’re out and about, and even with your calendaring system. RingRx has the proper safeguards in place to secure patient PHI with its cost-effective phone system, designed for doctors, therapists, healthcare professionals and social workers.

Doctors and office managers report they are seeing significant cost-savings as well. Up to 60 percent savings on their phone systems with unfailing accuracy.

But don’t forget to do this or put it off because HIPAA compliance is a vital key to peace of mind for you, your staff and your patients. Remember the beautiful story of the Little Prince by Antoine de Saint-Exupéry?  I think of this quote often as we build our products: “People have forgotten this truth,” the fox said. “But you mustn’t forget it. You become responsible forever for what you’ve tamed. You’re responsible for your rose.”

RingRx is helping to tame HIPAA compliance for you with your patient communications and your phone system, mobile device and calendaring systems. Plus we have a simpler, better way to help you connect sensitive patient data and PHI on the phone with electronic medical records. With RingRx, HIPAA compliance on the phone is that simple.

To get your practice up to speed for HIPAA this year, experts say, conduct a thorough evaluation of your practice operations to make certain you remain in compliance for data security, privacy, and reporting of breaches.

More information about the updated HIPAA regulations is available at https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/index.html

 

I’ll get ready to close this Little Primer with another great quote from the Little Prince as I think about the regulatory challenges you manage as you practice in the science and healing arts: “Well, I must endure the presence of a few caterpillars if I wish to become acquainted with the butterflies.” May you transform and grow your practice and reach your goals this year.

I’d enjoy a conversation with you. I can help you learn more about the RingRx Free Trial and customizing it specifically for your offices. We’ve been building phone systems and conducting live after hours answering services for more than 30 years. We can help simplify your patient communications, save you money on your phone system, increase efficiency and practice management and new this year…grow your business with messaging and more. Contact me, Tina, at treyes@ringrx.com or call me at 1-888-980-6860.

THE VOIP HIPAA DILEMMA

For about the last 30 years traditional phone systems have been the standard for most medical practices.  These were bulky systems that had tape drives!  Remember those? But they have evolved into the digital world with messages being texted right to our smartphones.  During this time these messages changed from analog to digital.

This has been a good change for many. Information in digital form does have its advantages.  For medical practices making this switch to VoIP, they now have to consider that their voicemails are now electronic and if they contain PHI they now fall into the category of ePHI and must be protected under HIPAA law.  There is no need to worry about this with RingRx.  We can help!

More About VoIP Systems

These systems provide two main functions:

  1. The transmission of a message (a phone call)
  2. The storage of that message (voicemail)

Because voicemails are stored on cloud-based servers they require HIPAA compliance, contrary to the belief of many.  You can read more about this here in this great article:

http://www.mgma.com/healthcare-consulting/hot-topics/consulting-articles/hipaa-and-voice-over-internet-protocol

This fact has practices like yours mitigating their risks by upgrading to a VoIP system. When done in combination with the implementation of BAAs, which RingRx can also provide, this can not only protect your practice but also save you hundreds on your current phone bill!

FCC CONFIRMS RULES REGARDING HIPAA AND PATIENT TELEPHONE CALLS

The Federal Communication Commission issued a Declaratory Ruling and Order to clarify the rules regarding HIPAA and Patient Telephone Calls.

Are you among the many health care providers that have had trouble understanding these rules and how they comply with the Telephone Consumer Protection Act?   It has been more than 19 and 25 years since these acts were introduced; the FCC did issue a Declaratory Ruling and Order to help clear this up.

This ruling states that, if a patient provides a phone number to a health care provider, the provision of that phone number constitutes express consent to calls being made to that number, subject to certain HIPAA restrictions. This consent applies to calls related to the provision of medical treatment, health care checkups, appointments and reminders, lab test results, pre-operative instructions, post-discharge follow-up calls, prescription notifications and hospital pre-registration instructions. You must also always provide your name and contact details as the health care provider. It is also recommended to keep calls concise and limited to more than 60 seconds. There is also a limit to the frequency of calls made to a patient, with a maximum of 3 calls per week. The content is still subject to HIPAA restrictions, and calls can only be made for the purposes described above. There can be no telemarketing, advertising or solicitation.

For more details on this ruling you can visit the FCC’s website: https://www.fcc.gov/document/tcpa-omnibus-declaratory-ruling-and-order

RingRx can also help.  We have designed a business phone system to help you stay HIPAA compliant by using professional grade encryption to keep your patient’s ePHI safe.

Is Your Healthcare Data Protected from Employee Hacks?

When we think of healthcare data security, we usually think of intrusions coming from outside our network. And that is a real and serious issue. But what if the intrusion comes from within your own organization? Is that a real concern?

IBM Cyber Security Intelligence Index

According to IBM’s 2016 Cyber Security Intelligence Index, it should be more than a nominal concern. It should be your number one concern, especially if you are in the healthcare industry. And don’t just think computer network. Phone systems for doctors are part of the data network that can be especially vulnerable.

IBM’s data showed that 60% of the attacks targeting secure data come from inside the organization or through the use of insider information. Two thirds of those insider attacks are attempted with malicious intent. They weren’t accidents or errors; they were intentional attempts to hack into secure data.

Healthcare Tops the List

Of all the industries covered in the IBM report, the healthcare industry topped the list for cyberattacks. Many of the attacks came through misuse of employee security credentials. Sometimes this was direct malicious intent of the employee, but oftentimes it was the result of cyber criminals gaining access to security credentials via email phishing or malware. Stolen devices carried offsite were another source of internal security hacks.

Among IBM clients, there were an average of 3.4 of these types of events recorded each week in 2015. This was a significant increase over the number recorded in 2014. HIPAA regulations address this security issue. Unfortunately, most phone systems are designed for general business use and do not take HIPAA regulations into account.

How RingRx Can Help

RingRx was developed as a phone system for doctors. It is fully HIPAA compliant and secured with professional grade encryption. It is a Cloud PBX system, which means no expensive and disruptive onsite equipment installation. We provide simple, yet effective, data security to keep your data safe.

How HIPAA Affects the EMR

As part of Obamacare, healthcare organizations were required to implement an electronic medical record (EMR). One main concern for healthcare providers and patients is the potential violation of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires the Secretary of the US Department of Health and Human Services (HHS) to regulate and protect the privacy of all American patients. Additionally, HIPAA regulations further incorporated technical and non-technical safeguards to include the use of the EMR. More and more physicians are using the EMR for ordering labs, pharmaceutical drugs, and also for all of their patient note taking. These new entities are making healthcare accessibility mobile and adding on relative risks. Under the HIPAA Security Rule, patients’ private health information is protected while healthcare providers are allowed to adopt new technologies to improve patient care. Physicians, nurses, and medical students use the EMR in various rooms of a clinic or a hospital, looking at the same patient, which raises the potential for patients’ privacy rights to be ignored.

The security of electronic protected health information (e-PHI) and electronic exchange are specifications of the Administrative Simplification of HIPAA. These rules expand to the application of health plans, insurance, and transaction of medical records. Under the e-PHI, covered entities are required to:

  • Ensure confidentiality
  • Ensure integrity
  • Ensure accessibility of all e-PHI
    • The medical records of patients that are created, received, maintained, or transmitted.
  • Identify potential threats to security
  • Protect patients against potential threats to their security
  • Inform patients on the potential uses or misuses of the medical records
  • Ensure compliance in the workplace as defined by the government regulations.

Confidentiality is the foundation of all medical practices and should be upheld with integrity in all medical practices. Improper use or disclosure of medical records is a violation of HIPAA and healthcare in the United States. Nonetheless, the consequences should not outweigh the benefits of the EMR in healthcare. Each healthcare organization that implements the EMR should take its practice’s size, complexity, and capability into account while making its decision. The technical portion should also not be overlooked, so the chosen software must be compatible with the organization’s limitations of use.

When an organization chooses to implement a form of EMR, it should also be educated on the costs, infrastructure, and time it takes for successful execution. Most importantly, the EMR must be flexible to accommodate changes in patient load and also be user-friendly. Maintenance of the EMR is another significant component of implementation. When the EMR is not working, that may mean the patients’ charts are inaccessible, and to account for this the healthcare organization should have a back-up system or the capacity to also have paper charts. In these scenarios, it is imperative there be a staff member who has an exemplary background in the information technology (IT) component and the non-IT component of medical records. Hence, administrative responsibilities will expand beyond quality care. Managerial positions have now expanded to the healthcare providers as much as those who held the title alone. Patient medical records are the essential part of medicine that correlate to the aptitude of the medical care professional and the organization itself. Avoiding violations of the patient privacy laws outlined by HIPAA while ensuring the EMR is properly used is directly related to the further development of healthcare IT.

Using Digital Services Can Save Healthcare Companies Billions

When you think about the common methods hospitals, clinics, and other healthcare companies use to communicate with patients and others (insurance providers, other health care professionals, etc.), it’s easy to see that traditional methods relying on manual processing of administrative tasks are not cost effective. For the most part this takes place using outdated technology like an old-fashioned mail service. The cost of doing things this way is enormous. A change to the conveyance of information via a digital format would save an estimated 8 billion dollars a year, as outlined in this article.

It’s true that our society in general and healthcare industry in particular have experienced significant leaps in technology that now offer us tremendous benefits. In particular our hospitals and health care facilities offer some of the most advanced patient care in the world.  And while this is all good and well, there are areas that unfortunately lag behind, especially in healthcare administration methods.

There is still an overall reliance on outdated communication services, specifically landline telecommunication and, of course, the costly practice of traditional hardcopy mailing. When you think of the numbers involved, both in terms of the cost of paying people to perform these services as well as the cost of material, even a slight trend toward digitization could result in large cost savings.

Naturally the lure of saving money is the main reason that facilities are moving in this direction. This is an unneeded cost and one that can be spent in other areas. This is money that doesn’t need to be spent, not really. It’s being used on something that can easily be done by computer, with proper encryption of course, which is necessary to keep patient data private and in compliance with HIPAA regulations.

As stated in the article, Gwendolyn Lohse, Deputy director at CAQH (Council for Affordable Quality Healthcare) stated, “I think we’re all familiar with HIPAA, which was created two decades ago. Even though that it was created two decades ago, we’re still really using manual processing for a lot of these transactions and a minimum reporting of the results to realize, as an industry, we need to do better and we need to work together to do better and to push adoption on things that do exist like best practices so we can have electronic, real-time transactions to support what needs to be a modern healthcare system.”

RingRx is at the forefront of the move towards a digital solution in how we communicate. In using our smartphone app, in addition to the option to have the most advanced desk phones on the market for your office, you have less to worry about, since both utilize encryption technology, making HIPAA compliance a non-issue. The advanced RingRx on-call application is user friendly and makes you available to the needs of your office in real time. And the money saved when switching to a cloud-based VoIP service like RingRx is substantial. For health care facilities looking to improve efficiency and save money, we are here to help out.

For more information on the topics touched upon in this blog please follow the link below.

http://revcycleintelligence.com/news/how-automation-technology-could-cut-8-billion-in-healthcare

Ransomware: A New Global Issue for Health Care

In February of this year a cyber attack on multiple hospitals in multiple places around the globe took place. This was achieved using software commonly known as ransomware. Ransomware is a type of malware that is installed by hostile agents and that prevents or limits users from accessing their own system. After the infection, the agents of the malware notify the attacked parties that they will remove the malware only on payment of a ransom. Hence the term “ransomware”.

This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back (patients’ data in the case of hospitals). The implications regarding HIPAA compliance are significant.

Although ransomware is usually aimed at individuals, this incident makes it clear that businesses, including those in the healthcare field, can be threatened by these types of cyber attacks as well. The most widely known case of a hospital being in the cross hairs involved Hollywood Presbyterian Medical Center, in Los Angeles. This resulted in the hospital paying about $17,000 to the attackers to unlock its data. Unfortunately, given the risk the hospital faced, they had little choice.

The ransomware attack in California was followed by one in Germany on February 11th, which was generated by an email. This time the hospital involved took a different course of action.

“The hospital said that it had complete backups, meaning that it could wipe and restore affected systems, and noted that all patient data was already encrypted, which forestalled any potential data loss. But as a precautionary measure, the hospital reportedly took all of its systems offline until they were fully restored, rescheduled 20 percent of its surgeries and shifted less-severe emergency care to neighboring hospitals” according to this article.

Of course this method is a fairly extreme measure, and many institutions may not have the same type of backup system that would permit such a restore. The fact that the hospital had all of their files properly encrypted was an obvious advantage.

Titus Regional Medical Center, which is located in Mount Pleasant, Texas was similarly targeted. Their data was forcibly encrypted by ransomware and they were unable to access it.  The resulting action taken by the facility is as of yet unknown.

Until recently the targets for ransomware were individuals. And while it may seem obvious in retrospect, the new developments concerning hospitals caught some off guard. The change in focus to the hospitals is a change in tactic.

The article also explains the similarity of the infection tactic: “the attacks differ little from what’s previously been seen in the wild. Indeed, the mechanics of ransomware attacks are well-known, starting with attackers’ malware-distribution tactics, all the crypto-ransomware we encountered in 2015 was distributed either by drive-by-download attacks or by macro malware in spam emails.”

The recent ransomware encroachments on hospitals are a new development and of obvious concern to anyone working in the healthcare field. What started off as cyber attacks on individuals has now made the obvious leap to businesses, including reputable hospitals worldwide. As they continue their efforts to target business, steps will be taken to avoid the damage done. But it’s a learning process, and as it’s a relatively new development sometimes it’s (unfortunately) easier to simply pay the price.

For more information on the recent ransomware incidents involving the hospitals mentioned in this blog please click on the link below.

http://www.healthcareinfosecurity.com/ransomware-hits-hospitals-a-8872
