Ransomware and Your Practice

The Threat

Ransomware is a type of malicious software that cyber criminals use to deny access to systems or data. Symantec, a global leader in cyber security reports that in 2016 it is seeing in excess of 4,000 attacks per day. In February of this year Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 ransom to regain access to their records.

Note: HHS has determined that when electronic protected health information (ePHI) is encrypted as the result of a ransomware attack a HIPAA breach has occurred.

Is your practice prepared for your ransomware attack?

How Does Ransomware Work?

In a ransomware attack, victims will often open an email it and click on an attachment or URL that appears legitimate, like an invoice, an electronic fax or web site, but which actually contains the malicious ransomware code. Some more sophisticated criminals now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and practices are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom.

Protecting Your Practice


  • Train your staff. Ransomware is most commonly introduced to your systems when someone in the office unknowingly opens an infected email attachment or clicks on an infected link.
  • Ensure all of your digital devices have the latest version of their operating system, software, and firmware installed.
  • Ensure antivirus and anti-malware solutions installed and are set to automatically update and conduct regular scans.
  • Configure your email accounts to deny email with executable file attachments

Business Continuity Efforts

  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up

Sevocity® and Ransomware

If your practice is a victim of a ransomware attack, all your patient ePHI with Sevocity is safe. Your patient data in Sevocity will be unaffected and cannot be held for ransom. However, patient data outside of Sevocity on your practice’s systems may be encrypted and locked up by the cybercriminal.

In Sevocity the core patient data systems are architected to be physically and technically isolated so that ransomware cannot be introduced into the data base systems.