I followed all the rules and I still got hacked
Last fall, on a typical busy Monday morning, with add-ons, walk-ins, and a packed schedule, I started to notice my computer network was sluggish and I was getting kicked off of my EHR several times throughout the day. We verified that there was no issue with our internet service provider, so I assumed that the sluggish network was a function of a busy Monday morning.
Later that week, as my IT person was installing new software onto my system, he noticed that someone had logged onto my server and that we had been compromised. Ransomware had been deployed on the server and on every workstation throughout the practice. Ransomware is malicious software that locks the victim out of their system and data and demands payment to restore access.
We were, in other words, the victims of a cyber attack. Within minutes, we completely shut down our system and disconnected it from the internet, preventing the major damage and data loss that would have triggered the ransom. My major concern at that point was guarding my patients’ protected health information (PHI) as well as their identities.
The following morning, my IT person was at my office with a strategic plan for how to deal with this cyber attack and implemented his response within minutes of my approving it. I pulled out my HIPAA manual to make sure we were following protocol. We notified local authorities, who advised us to contact the FBI. We did so immediately. Then we began keeping a detailed log of all events that had occurred and our plans for resolving the issues.
The next two weeks would be very stressful as we worked to reestablish our network while guarding patient identities and PHI. I was angry and felt victimized. I was worried about my practice, our systems and how we’d get up and running again. But most of all, I was concerned about my patients. I did not want their data compromised on my watch. Fortunately, none of the data were accessed, as our old records were encrypted on the server while our present records are on the cloud with our IT vendor.