How One Wrong Click Cost a Practice $1M

Recently, a CAP member's practice experienced a ransomware incident involving multiple office locations and servers, as well as thousands of patient medical records. Ransomware is malicious software designed to deny access to your computer system or data until a ransom is paid. It is one of the most common types of data breaches to affect medical groups.

When one of the practice’s employees inadvertently clicked on a "phishing" email, malware infected the main server and four virtual servers, locking the electronic health records and billing data for all three of the practice’s locations.


Soon after, the practice received a ransom notice demanding $250,000 in Bitcoin, the equivalent of $1.5M, to release the encrypted files.

After several unsuccessful attempts to negotiate the ransom, the practice remained unable to access its patient files.

Recovering the files proved to be an expensive and arduous task. Most firms quoted a cost upward of $250,000 with only a 50 percent success rate of full file recovery. Eventually, the practice’s own IT firm was able to recover files dating to April of 2017.

The practice estimates that the loss of revenue to date is at least $1M.

What All Medical Practices Should Know About Ransomware

Ransomware typically spreads through phishing emails or by an employee unknowingly visiting an infected website. The ransom payment is usually in the form of Bitcoin and, even if paid, there is no guarantee you will get your data back.

Phishing is a fraudulent attempt, usually by email, to steal personal information such as passwords, credit card numbers or account numbers. Phishing emails are made to look as if they come from a legitimate company, or even from someone you know, in order to trick you into sharing that information.

How Can You Prevent Your Practice from Falling Victim to Ransomware?

Educate your employees on ways to recognize a fake email:

  • Unfamiliar tone or greeting — legitimate emails usually address you by name
  • Sensitive information, such as a password, is requested
  • The sender's domain name is misspelled or does not match the company it claims to be from
  • The email pushes you to click a link to a website, or it contains suspicious attachments
  • The email is poorly written
  • The message conveys a sense of urgency to act
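Several of these indicators can also be checked mechanically before a message reaches a busy front desk. The following script is an added illustration, not code from the CAP article: it parses an email, flags a generic greeting, a request for sensitive information, urgency wording, a sender domain that is a one- or two-character misspelling of a domain the practice knows, a display name that name-drops a known company while sending from elsewhere, and a link whose visible text names a different site than its real destination. The known-domain list and both sample messages are constructed for the example.

```python
"""Heuristic phishing-indicator check (added example; not from the CAP article).

Every domain and message below is constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlparse

# Constructed: domains the practice legitimately corresponds with (assumption).
KNOWN_DOMAINS = {"examplehealth.com", "examplebilling.com"}

URGENCY_WORDS = ("immediately", "urgent", "within 24 hours", "suspended", "act now")
CREDENTIAL_WORDS = ("password", "social security", "credit card", "account number")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "hello,")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 catches swaps like 'l' -> '1'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the known domain this one closely resembles but does not equal."""
    for known in KNOWN_DOMAINS:
        if domain != known and 0 < edit_distance(domain, known) <= 2:
            return known
    return None


def phishing_indicators(raw_message: str) -> List[str]:
    """Return a list of human-readable red flags found in the message (empty if none)."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload()
    if isinstance(body, list):  # multipart: inspect the first part only
        body = body[0].get_payload()
    body = body or ""
    text = body.lower()
    flags: List[str] = []

    # Sender domain is a near-misspelling of a domain we know.
    known = lookalike_of(sender_domain)
    if known:
        flags.append(f"sender domain {sender_domain!r} looks like {known!r}")

    # Display name claims a known company, but the mail comes from elsewhere.
    labels = {k.split(".")[0] for k in KNOWN_DOMAINS}
    for word in re.findall(r"[a-z0-9]+", display_name.lower()):
        if word in labels and sender_domain not in KNOWN_DOMAINS:
            flags.append(f"display name {display_name!r} does not match {sender_domain!r}")

    # Generic greeting rather than the recipient's name.
    if any(text.lstrip().startswith(g) for g in GENERIC_GREETINGS):
        flags.append("generic greeting")

    # Asks for credentials or other sensitive information.
    if any(w in text for w in CREDENTIAL_WORDS):
        flags.append("asks for sensitive information")

    # Pressures the reader to act quickly.
    if any(w in text for w in URGENCY_WORDS):
        flags.append("urgency wording")

    # Visible link text names one site while the href points to another.
    for href, visible in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        href_host = urlparse(href).hostname or ""
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", visible.lower())
        if shown and shown.group(0) not in href_host:
            flags.append(f"link text {visible!r} actually points to {href_host!r}")
    return flags


# Constructed sample messages.
SAMPLE_PHISH = """\
From: ExampleHealth Support <billing@examp1ehealth.com>
To: frontdesk@practice.example
Subject: Action required
Content-Type: text/html

Dear customer, your account will be suspended within 24 hours unless you
confirm your password at <a href="http://reset-portal.example.net/login">https://portal.examplehealth.com</a>.
"""

SAMPLE_LEGIT = """\
From: Dr. Jane Example <jane@examplehealth.com>
To: frontdesk@practice.example
Subject: Schedule
Content-Type: text/plain

Hi Maria, attached is next week's schedule. Thanks, Jane
"""

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_PHISH):
        print("-", flag)
    print("legitimate message flags:", phishing_indicators(SAMPLE_LEGIT))
```

The checks are deliberately simple keyword and string comparisons, so they will miss well-crafted messages and occasionally flag legitimate ones; they are a training aid for the checklist above, not a substitute for a mail-filtering product.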

Make sure your servers are securely backed up in real time so that, if you need to recover data, the backup is current.

Even when you implement these precautionary measures, it is still possible to be impacted by a ransomware data breach. CAP provides all of our members with a $50,000 CyberRisk policy, but as you can see, this may not be enough. Make sure you have adequate data breach insurance to protect you. The cost of protection could be a fraction of the cost of a ransomware attack to your business.

Contact CAP Physicians Insurance Agency to get a quote for additional coverage up to $1,000,000 by email at CAPAgency@CAPphysicians.com or by phone at 800-819-0061.