
How to Respond to a Ransomware Attack

By Robert D. Clark, J.D.

If your practice’s IT system is ever the subject of a ransomware attack, then you will likely be familiar with the stressful and debilitating situation ransomware can cause, not to mention the potential financial impact. Here are some steps that you should consider taking to respond to and recover from a ransomware attack on your practice.

What is Ransomware?

First, let us explain what ransomware is and how you may be harmed by it. Ransomware is a type of malicious software, or virus, whose purpose is to prevent you from accessing your IT system. Ransomware can encrypt or lock your practice computers, or at least lock you out of certain files, and hold your electronic devices for ransom. You can’t gain access to the files necessary to run your practice, such as patient records or billing information, until you make a ransom payment to the person in control of the ransomware. In this way, ransomware can completely shut down your practice’s operations.

Ransomware can infect your practice’s devices in multiple ways. For example, it can be spread through a phishing email, a visit to an infected website, or a click on an infected link or ad. If someone in your practice opens an infected email attachment, then the ransomware may have access to your practice’s IT system and be able to lock you out of it.

Contact an IT Consultant

The first step you will likely want to take is to contact your IT consultants, if you have them. You will need to rely on a trained IT specialist to review your IT system and determine the extent of the ransomware infection. The IT consultants can assist you in trying to isolate the ransomware, to limit the number of files or devices that it locks. They may also be able to identify the strain of ransomware, to try to help mitigate its effect.

Your IT consultants may be able to remove the ransomware and recover your access to your IT systems. Unfortunately, this is not always possible. This is often a situation where an ounce of prevention is worth a pound of cure. The IT consultants may just advise you to wipe your system and start fresh, hopefully with a recent system backup that you have saved and with better protections in place to try to prevent a future ransomware event.

Engage a Legal Professional in Your State

You should also consider contacting a legal professional in your area who is experienced in handling cybersecurity events. The legal issues that can arise from a cybersecurity event are numerous, and you may need the guidance of a legal professional who is familiar with these specific issues. From reporting the attack to legal authorities to providing notification to patients whose information may have been exposed, a licensed legal professional can help guide you through the possible necessary steps in responding to the ransomware attack.

Seek Guidance from Your Cyber Insurance Company

You should also consider reaching out to your cyber insurance provider for two reasons: 1) to make a claim and 2) for their guidance and access to professionals who can assist you with responding to the ransomware. Once you become aware of the ransomware, you will generally need to notify your insurance company, to make sure that your costs in responding to the ransomware will be covered by your cyber insurance policy. Perhaps just as important, your insurance company may also be able to assist you by connecting you with approved IT and legal professionals to help you respond to the ransomware attack. Your insurance policy may even help cover the costs of these services.

Be Proactive and Take Preventative Measures

To prepare for potential ransomware attacks, which are becoming increasingly common in medical and dental practices, you should review your IT system with an experienced IT consultant to ensure you have cybersecurity protections in place. You should also consider reviewing your insurance coverage with an insurance professional, who can help you get an appropriate cybersecurity policy, so you have coverage in place in case an attack occurs.

About Treloar & Heisel
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.

Robert J. Clark is a Compliance Officer with Treloar & Heisel, Inc.,

Treloar & Heisel and Treloar & Heisel Property and Casualty are all divisions of Treloar & Heisel, Inc. Insurance products offered through Treloar & Heisel, Inc. Treloar & Heisel, Inc. and its divisions do not offer legal or IT advice. Please consult a professional concerning these topics.  19-059