Ophthalmology Business

DEC 2017

Ophthalmology Business is focused on business topics relevant to the entrepreneurial ophthalmologist. It offers editorial, opinion, and practical tips for physicians running an ophthalmic practice. It is a companion publication of EyeWorld.

Issue link: http://digital.ophthalmologybusiness.org/i/905929

When malware attacks, how can your practice be ready?

In late 2016, Horizon Eye Care, a large regional practice on the east coast, was attacked by ransomware, malicious software that blocks access to files until a ransom is paid.

"Our IT administrator was doing routine maintenance after patient hours were over, and she was unable to get into the system," said Suzanne Bruno, administrator at Horizon Eye Care.

When their IT administrator tried to log into the system, she received a message that said all the passwords were invalid. There was a link to how to create a new password, and then another message that said their data had been hijacked.

"They hacked everything—drives not related to patient data, things just related to internal management, our financial analysis, our personal Microsoft files," Ms. Bruno said.

The practice is just one of many healthcare facilities that have fallen victim to the malicious software since it surfaced in 2012. According to Fortune.com, a 2017 Verizon Data Breach analysis found that ransomware was #22 on the list of the most common types of malware in 2014, and this year it was #5. The report also found that ransomware was responsible for 72% of all healthcare malware attacks in 2016. The only industry more targeted than healthcare is the financial services sector, the report said.

As Cal Francis, director of strategic accounts at Veracode, an application security company in Burlington, Massachusetts, explained, "Healthcare is one of those areas where people spend a lot of money and there's a lot of money invested. If you're able to gather massive amounts of data, you're able to discern where drug prices are going, you're able to manipulate insurance markets."

It won't happen to us

"As an administrator—and I know this is true for the doctors, too—you always think that this is not going to happen to us, we're doing all the right things. It was a big wakeup call for us," Ms. Bruno said.

Included in the message was a demand for payment to a bitcoin account in order to regain access to their files.

"We didn't do it," Ms. Bruno said.

Fortunately, the practice had a backup that was only minutes old, and they were able to get their IT manager to restore all the data and create new drives for everything, with no consequence to the patient data. The hackers were unable to get into anything thanks to the multiple firewalls that had been set up.

Another fortunate thing for Horizon Eye Care was that the episode occurred over a weekend, which meant it didn't affect their ability to see patients. Partial resolution, where the staff was able to get into the system and do some work, took about 12 hours. Full resolution took about 36 hours.

"The only thing we had to do was pay our IT manager overtime. But what happened was scary," Ms. Bruno admitted.

Not so lucky was another eyecare practice 50 miles north of Horizon Eye Care that also suffered a ransomware attack.

"They couldn't get their data back without paying the ransom. They paid $5,000, and 2 weeks later, they were rehacked and had to pay again," Ms. Bruno said.

Not taking any chances

Following the incident, Horizon Eye Care engaged a security expert for high-level security systems to look for areas of vulnerability in their system and help them plug the holes.

"We had done a lot already by having more than one firewall, by having our servers onsite versus cloud-based servers. Those are things that we had done to protect our information in the first place, but we did even more after," Ms. Bruno said.

One of the changes the practice made after engaging the cyber security expert had to do with passwords.

"We were remiss in not regularly changing our passwords, and we allowed people to select their own passwords. We now have four levels of passwords, and every level is a different password for every person. So when I go to sign onto our electronic health records, I have four different passwords before I finally get in," Ms. Bruno said.

continued on page 4
