If you are a principal Healthcare Provider, Practice Manager, or Office Manager at a Medical Practice, the prospect of fines from The Department of Health and Human Services is a constant threat, especially in the world of Ransomware and rampant Operating System and mobile device vulnerabilities.
“Just pay the ransom”, your Managed Service Provider or System Administrator may tell you.
If you do, be aware that criminals do not, as a class, have a great track record for honoring agreements with their victims. In fact, by “just paying the ransom” you may actually open the door to far worse breaches in the future, by self-identification (from among a possible sea of automated infections) as a real business with staff who are proven susceptible to “social engineering” and extortion.
Even if you do “Just Pay the Ransom”, if Personally Identifiable Health Information (PHI) was compromised and/or accessed by a hacker, malicious script, or other related device, The Department of Health and Human Services imposes stern requirements for reporting such breaches, and stiff penalties for practices who fail to report the same.
Do not assume that “The Practice” will absorb all of the “Blame”. As you may have heard, certain things tend to roll downhill, and “Blame” is often one of them. Learn from the Mercy Health nurse in Michigan (details above) who was reportedly terminated from service at Hackley Hospital (Muskegon, Michigan), for a stated HIPAA violation, alongside other employees for similar offenses.
Also, do not assume that your current “Backups” are a safe protection measure against Ransomware and similar breaches. As shown above, even paid professionals can drop the ball on securing backup repositories from Ransomware encryption.
And even if they do protect the backups, it may still be considered a “Reportable Event” by HHS (The Department of Health and Human Services) if PHI (Personally Identifiable Health Information) was accessed or compromised.
Learn from the mistakes of other Medical Practices and Healthcare Providers. Do not be the subject of the next news story regarding fines from HHS for HIPAA violations related to filesystem and ePHI security.
Contact Amerihub today and protect your patient data: help@amerihub.com