Ransomware Attack on Battle Creek Medical Practice Is a Cybersecurity Wakeup Call for All Michigan Businesses

By

Imagine showing up to your office one morning and finding a message on all computer screens that you will not be given access to your computer system again unless you pay a ransom.

Every Business Is at Risk. Most Businesses Are Not Adequately Protected.

Michigan-cyberattackThat’s what recently happened to a Battle Creek medical practice that hit by hackers who weaponized their confidential patient and practice data. As reported in HIPAA Journal, hackers installed “ransomware” on the computer system of Brookside ENT and Hearing Center in Battle Creek making patient records, appointment schedules, and payment information inaccessible until and unless the practice paid $6,500 to unlock the encryption. When the doctors refused to pay, the attackers deleted all files on the system, forcing the closure of their practice.

While the hacks, data breaches, and cyberattacks that make headlines usually involve big-box retailers, major financial institutions, or other large corporations, every business of every size is at risk from sophisticated cybercriminals.

Approximately 67 percent of American small businesses were victims of a cyberattack in the 12 months prior to one 2018 study. Additionally, according to UPS Capital:

  • Every cyberattack against a small business costs that business between $84,000 and $148,000.
  • Sixty percent of small businesses close their doors permanently within six months of a cyberattack.
  • Ninety percent of small businesses don’t use any data protection software or have any protocols in place for securing sensitive internal, financial, and customer information.

Data breaches can cripple a company’s operations and finances. But if the breach or theft involves confidential patient or customer information, it can also trigger a range of reporting and remediation obligations under state and federal laws and expose businesses to civil liability for any harm that results from the attack.

Quite simply, if you don’t develop and implement a robust data protection program, you are committing business malpractice.

Start Securing Your Business Today

That is why you need to take action today to protect your company’s and your customers’ data. There is no shortage of firms that can help you implement and maintain a comprehensive cybersecurity program or provide insurance coverage for cyberattacks and breaches, but here are five steps you can take right now to protect your company from hackers and cybercriminals:

  • Seek first to understand. Educating yourself about the nature of threats you face is the first step on the road to effective small business cybersecurity. The Small Business Administration offers a great free, 30-minute, self-paced training exercise that provides an introduction to cyberattacks, helps you assess your company’s vulnerability, and provides some basic best practices you can adopt to protect your information.
  • Purchase good cybersecurity software. While software alone won’t provide the comprehensive protection you need, you can’t go without it. Install security software on all computers and any mobile devices employees use to access company email or systems. Keep all security software, firewalls, web browsers, and operating systems up to date.
  • Develop and implement cybersecurity protocols. Produce and distribute a set of strong and – strongly enforced  – best practices for how to prevent cyberattacks and the containment, remediation, and reporting actions to take in the event of a data breach. The Federal Communications Commission has a terrific free tool – Small Biz Cyber Planner 2.0 – that can assist you in developing a customized security plan for your small business.
  • Train employees. Ensure that every employee appreciates the importance of his or her role in your company’s cybersecurity. Provide training that educates all employees about your data security policies, the procedures they need to follow to protect your company’s information, what steps they need to take in response to a breach, and how they can recognize suspicious emails, signs of “phishing,” or other hacking tactics.
  • Back it up. Create offline backups of critical financial, tax, and customer files, and back-up daily. If your computer is compromised, you’ll still have access to your data. It’s a safe bet that 60 percent of small businesses that went belly-up within six months of an attack (including that Battle Creek medical practice) didn’t have access to their data after that attack.
  • Conduct Penetration Tests. On an annual basis, have a trained consultant attempt to get past the security arrangements you have put in place.
  • Cyber Insurance. Purchase cyber insurance.

Call Us with Your Cybersecurity Questions or Concerns

If you have questions or concerns about the security of your company’s data or need assistance developing a cybersecurity program, the business law attorneys at Kreis Enderle can help. Please contact Dan McGlinn at DMcGlinn@kehb.com or (269) 324-3000.

About Dan McGlinn

Dan McGlinn represents health care providers and has extensive experience concerning the marketing of medical devices, including compliance with the AdvaMed Code of Ethics. He has written a number of professional articles on healthcare law. He is a member of the American Health Lawyers Association (AHLA) and the State Bar of Michigan Health Law Section.

Recent Posts by or including Dan McGlinn

Categories

Start Building Your Case Today

  • Hidden
  • This field is for validation purposes and should be left unchanged.