May 2020 Volume LV Number 3


Treloar & Heisel

May 2020 Volume LV Number 3

How to Respond to a Ransomware Attack
By Robert D. Clark, J.D., Compliance Officer, Treloar & Heisel, Inc.
If your practice’s IT system is ever the subject of a ransomware attack, then you will likely be familiar with the stressful and debilitating situa- tion ransomware can cause, not to mention the potential financial impact. Here are some steps that you should consider taking to respond to and recover from a ransomware attack on your practice.
First, let us explain what ransomware is and how you may be harmed by it. Ransomware is a malicious software or virus and its purpose is to prevent you from accessing your IT system. Ransom- ware can encrypt or lock your practice computers, or at least lock you out from accessing certain files, and holds your electronic devices for ransom. You can’t gain access to the files necessary to run your practice, such as patient records or billing information, until you make a ransom payment to the person in control of the ransomware. In this way, ransomware can completely shut down your practice’s opera- tions.
Ransomware can infect your practice’s devices in multiple ways. For example, it can be spread through a phishing email, visiting an infected website, or clicking on an infected link or ad. If someone in your practice opens an infected email attachment, then the ransom- ware may have access to your practice’s IT system and be able to lock you out from accessing it.
Likely the first step you will want to take is to contact your IT con- sultants, if you have them. You will need to rely on a trained IT-spe- cialist to make a review of your IT system to determine the extent of the ransomware infection. The IT consultants can assist you in trying to isolate the ransomware, to limit the number of files or devices that it locks. They may also be able to identify the strain of ransomware, to try to help mitigate its effect.
If possible, your IT consultants may be able to undertake efforts to remove the ransomware and recover your access to your IT systems. Unfortunately, this is not always possible. This is often a situation where an ounce of prevention is worth a pound of cure. The IT con- sultants may just advise you to wipe your system and start fresh, hope- fully with a recent system backup that you have saved and with better protections in place to try to prevent a future ransomware event.
You should also consider contacting a legal professional in your area who is experienced in handling cybersecurity events. The legal issues that can arise from a cybersecurity event are numerous and you may need the guidance of a legal professional that is familiar with these specific issues. From reporting the attack to legal authorities to providing notification to patients’ whose information may have been exposed, a licensed legal professional can help guide you through the possible necessary steps in responding to the ransomware attack.
You should also consider reaching out to your cyber insurance provider for two reasons: 1) to make a claim and 2) for their guid- ance and access to professionals to help assist you with responding to the ransomware. Once you become aware of the ransomware, you will generally need to notify your insurance company, to make sure that your costs in responding to the ransomware will be covered by your cyber insurance policy. However, maybe just as important, your insurance company also may be able to assist you by connecting you with approved IT and legal professionals to help you respond to the ransomware attack. Your insurance policy may even help cover the costs of these services.

To prepare for potential ransomware attacks, which are becom- ing increasingly common in medical and dental practices, you should review with an experienced IT consultant, to ensure you have cyber- security protections in place. You should also consider reviewing your insurance coverage with an insurance professional, who can help you get an appropriate cybersecurity policy, so you have coverage in place in case an attack occurs.
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.

Click here for a PDF version of this article.