Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hi everybody. This is Perry Barnhill with the Fearless Acupuncturist. Good morning to you, or good afternoon, whatever it may be. Today we want to give a big thanks to the American Acupuncture Council for sponsoring this video that we’re about to show you in regards to ransomware. Next slide, please.
Again, a big thank you to the American Acupuncture Council for sponsoring this. All right, here we go, everybody. Ransomware, you’ve heard about this. You’ve probably heard TV shows talking about it in regards to the computer things that happen, and it’s not if it’s going to happen to you. It’s when, so what I wanna talk about today is how do you plan for it?
How do you prepare and how do you protect yourselves if these things happen or maybe when these things happen? Myself again, Perry Barnhill. Julie McLaughlin in the background as always, much help. We are here as healthcare providers just like you with certifications in compliance and HIPAA. Okay, so ransomware, let me just take a moment.
I want to share a story with you. This is an actual event of what happened. Now, it’s a hospital situation, but these things happen in private practices. All right? So keep that in mind. They happen often, unfortunately, so I’ll just go over this little story with you. It was approaching midnight on Sunday and the head of an IT person at Florida.
The hospital had a problem. The emergency room of this 100 bed facility called to report that it couldn’t connect to the charting system that the doctors and providers were using to look up the patient’s medical histories. So a Florida hospital IT director soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn’t have much time to keep the computer virus from spreading.
So guess what? The hospital shut down his computer system. On his advice, and here’s what he said. He said, if we hadn’t stopped, it would’ve probably spread throughout the entire hospital. And what had to happen was the hospital had to revert back to their paper records, which I know a lot of offices have paper records.
But this is all applicable because not if you just have paper records. You generally, and almost always have at least something regarding the patient in your computer. So even if you’re just using paper charts, you still have patient’s financial information in the computers, a lot of times you have their histories in their computer.
In the computer all the time. Something’s there. So if the computer gets infected by ransomware, they can access that and they can hold it for ransom. So what is ransom, or at least what do most of us think ransomware is? It’s extortion software and it locks your computer and then they ask money for it, or they ask a ransom for it.
So in simple terms, what happens is the malware gains access to device, your, to your device, the computers, and depending on the type of ransomware, either your entire system, your entire operating system. Or individual files are encrypted, and then what they do, these cyber crooks, they demand a ransom from you or sometimes even the victims from patients.
So just some simple facts with ransomware. I think a lot of us are aware of these things. Basically, they can massively impact your practice. One little ransomware effect can cause chaos in our practices. In some cases, these ransomware, these cyber criminals can demand excess of a thousand, or rather, I wish only a thousand, but million dollars so that you can get this information back.
Now, that doesn’t mean you pay, okay, I’m not saying that, but let me do this first. Let’s go over a quiz and just go through this. So is this true or false? According to an IBM report in 20, in 2022, do you think the frequency of ransom breaches has increased from previous rare years? True or false?
I bet you know the answer. It’s definitely true. Most of us realize that these computer, these hackers these cyber criminals are creating more problems for us as time goes on. Yeah, 7.8 in percent breaches in 2021, and then 11% in 2022, and it continues to increase each year. How about this one, the impacts.
Ransom of a ransomware attack can be crippling to include monetary, permanent closures of especially smaller organizations like our offices. They delete files, they even patient procedures and testing can be canceled, so what can you, as an individual office or provider do to help these things or prevent these things from happening?
A. Participate and complete any required training. B, ensure your network security is in place. C have your IT administrator or your computer person contact information easily accessible, or is it all the above? Yeah it’s definitely all the above. Each of us. Each of those things we have to do, they play a critical role in patient care and patient safety.
Remember, cybersecurity it is patient safety and together we can protect our practices and the patient data we are entrusted to secure. So how can ransomware impact us as providers? This is a big one. This is massive. Monetary impacts the amount of money we’ll have to pay, one to resolve these things.
Two, maybe the fines and penalties that could come as a result of it. If we don’t have our HIPAA policies and procedures in place impact to our organization. Sometimes depending on the type of breaches that happen or the amount of breach that’s affected, we have to report these things publicly.
To disclose to the public that we had a breach in our office. So it really can affect our reputation. It can close our organization or close our offices, especially smaller ones. Deleted files, or you completely have lost them. Delayed patient canceled care. When systems shut down, it can potentially cripple your networks and forcing manual transactions where possible, and it really can cause havoc in our offices.
So these are reasons why you wanna make sure you protect your patient’s health information. So what’s the best defense? Usually the best defense is a good offense. Most ransom attacks are sent in phishing campaign emails. We just did a, we did a class on this. We did a video on this. One of the last times that we did for this.
Regarding phishing and phishing campaign emails, so make sure you watch that if you haven’t. Staying alert when any email asks you to enter your credentials. You have to be extremely careful when emails are sent, making sure you know exactly where they’re sent from, or at least you know it’s a trusted source.
The next one here, installing updates. Whenever you’re prompted to do you have to do these things. ’Cause if you don’t and you have a breach, guess what? You’re in trouble and you’re liable. Does your practice have an incident response plan? According to HIPAA, and according to all the rules, we have to have an incident response plan.
Meaning if something happens, this is exactly what we do. Do you have training you should be aware of to understand your practice’s security policy? Is there training that you have because you have to have training. This is all part of the HIPAA policies and procedures. You have to have training, you have to be able to document that training as well.
And also, if these things happen, do you have an emergency contact list in order to help resolve these things in order to help get the files back if needed? Some of the resources, a lot of people like to see where the resources come from. They come from the Office of Civil Rights, and if you didn’t know, so the Office of Civil Rights or the OCR, they’re basically the police of HIPAA.
These are the folks we don’t want knocking on our doors if something happens. So what are some next steps? What are some things that you can do? One of the things that we talked about is you can download this HIPAA compliance checklist. Click the QR code. You’ll get it that way. Go through these questions, go through these statements and these bullet points.
If you can’t answer, if you can’t say that you’re doing each and every single one of them, not just nine outta 10, for example, you have to do each and every one of them to become HIPAA compliant. So make sure you go through this. If not, we certainly can help you with that. If you have any questions, we are more than happy.
To answer your questions. If you’d like to schedule a demo or just get started with it, just a couple things you can do here. You can scan that QR code or you can schedule demo. Just go like it says right here to go do fearless provider.com/demo. If you wanna just get started, go to www.fearlessacupuncturist.com.
Or you can contact myself at Dr. perry@betterhipaablueprint.com. You can also talk contact Dr. Julie as well at Dr. julie@betterhipaablueprint.com. I want to thank everybody for attending this program and want to give a big thanks to the American Acupuncture Council for Sponsors. Again, this is Perry Barnhill with the Fearless Acupuncturists and everybody have an amazing day.





