What to Do When Your Practice Is Ravaged by Ransomware

Chris Jordan


Do you wonder how cybersecurity concerns can impact your practice? Ransomware attacks are up more than 200% since 2018 and will likely remain the number one cybersecurity issue well into the decade. This type of cyberattack is one of the most malicious tools used by cybercriminals worldwide that directly impacts business owners daily.

A form of malware that encrypts sensitive files, ransomware holds them hostage until a ransom is paid for access to be restored. Typically, payment is requested in bitcoin due to its lack of traceability, leaving behind little to no evidence of the attack itself. Dental offices should note that 89% of healthcare organizations have had patient data lost or stolen since 2018. Is your practice prepared?

Medical Industry Pulse

Ransomware is the leading concern for healthcare specialists, with 69% of providers feeling vulnerable to a data breach. Yet these businesses are ill prepared for cyberattacks. Many have turned to the cloud for data storage, which is far more convenient but easily hackable. IT personnel at any dental practice, whether in-house or contracted out via a third party, should be aware of this gaping security hole, especially when personal data is on the line.

Criminals find patient records very valuable and can sell patient information for as much as $1,000 per record. To understand the value of an electronic health record (EHR) on the dark web, Social Security numbers are only worth $10.

Begin With the End: Extended Endpoint Detection

The expensive lesson to be learned is the relevance of extended endpoint detection and response (XDR) when it comes to securing your business. Many healthcare organizations realize this after an attack. You can avoid the stress, loss of business, loss of confidence by your patients, and the cost of rectifying the breach by paying as little as $20 per device per month for the protection you need.

Extended endpoint detection provides a deeper look into potential network vulnerabilities before they morph into larger problems. As part of a comprehensive security architecture, XDR provides behavior pattern abnormalities, alerting the network administrator of issues as they are occurring and enabling the administrator to stop an attack while it is happening. Consider it your last line of network defense. But what can be done when this isn’t the case?

Steps to Take After a Cyberware Attack or Ransomware Attack

Ransomware attacks require an efficient, high-caliber pre-planned incident response strategy, with XDR at the helm. This strategy should include the following steps when you get attacked.

  • Notify the Internet Crime Complaint Center (IC3) office of the FBI or your local FBI office about a ransomware attack. Many businesses try to rectify the attack internally and do not realize many of these breaches are conducted by state actors. The government needs to be aware of such events to help prevent and address foreign threats.
  • Bank accounts and credit card companies should be notified immediately. Have account information with contact numbers on a quick reference sheet for you to immediately notify necessary government officials of a breach.
  • Create an inventory of all hardware and software. You should already have an asset list readily available. If not, create one. Note older PCs, laptops, printers, and routers create vulnerabilities, allowing breaches to occur more easily. Many of these occur from outdated software on the equipment. Remember to keep your hardware and software up to date.
  • Back up all systems with multiple copies and change all access keys.
  • Monitor web traffic closely.
  • Clean up credentials, as strong passwords are extremely critical. Consider using multifactor authentication (MFA). Receiving a code on your mobile device is a small inconvenience for ensuring login authentication.
  • Whether you pay the ransom or not, rebuild all the machines from scratch. This is a tedious yet necessary process to ensure all malware is gone. Paying the ransom does not guarantee the malware is gone with renewed access to your data.
  • Reinstall programs, since sometimes viruses may still be living there.

Ransomware is almost certain to remain the leading cyber issue for the healthcare industry.  And although it’s been around in some fashion for decades, variations of ransomware have grown increasingly complex in regard to its ability to spread, evade detection, encrypt files, and coerce users into paying ransoms.

Following even the most basic preventative steps will help your practice either prevent an attack or return to normal business post-attack. Utilizing XDR will help your business by being proactive and addressing activity on your network while it happens instead of waiting for log data reviews.

Important Links

IC3 offers additional information about reporting a ransomware attack, what to report, and further details about ransomware online.

Mr. Jordan is CEO of Fluency Security, which he cofounded in 2013. He offers a deeply blended array of technical and management experience, selling his previous company, Endeavor Security, to McAfee in 2009 and then serving as McAfee’s vice president of threat intelligence from 2009 to 2012. Other previous leadership roles include engineering positions at cybersecurity organizations, including serving as an initial member of the US Army Computer Emergency Response Team. He holds a master’s degree in computer science from George Mason University and a bachelor’s degree in computer science from Virginia Tech. He also is a founding cohost of the Beers and Bytes podcast, which discusses trends and challenges in cybersecurity while critiquing unique brews from around the country. He can be reached at chris.jordan@fluencysecurity.com. Also, Fluency Security is on LinkedIn and Twitter, and the Beers and Bytes channel is available on YouTube.

Related Articles

What Dental Practices Need to Know About Cybersecurity & HIPAA Compliance

AAO Warns Its Members About the Importance of Cybersecurity

How Data Breaches Impact Dental Practices During a Pandemic