Cybercriminals are targeting small healthcare businesses with increased vigor. In 2018, across all industries, about 70% of ransomware attacks targeted small businesses, with an average ransom demand of $116,000. The stats are equally as formidable for Q1 of 2019, with ransomware attacks on business targets increasing by 195 percent. What does this mean for ambulatory practices? Smaller healthcare practices are ripe targets for cybercriminals. The hackers look for vulnerabilities that are easy to infiltrate and then lock up the network, virtually shutting down the operation until the ransom is paid or restorative measures can get the practice up and running again. And, that’s a best-case outcome. In fact, within a span of just seven days in the month of June five US healthcare practices reported ransomware attacks, driving some to return to the days of paper and pencils while they worked toward restoring their systems. Others paid ransom to be reunited with their data, with one organization being forced to pay ransom twice after finding additional locked files when decrypting its systems. At a minimum, the practices were disrupted for several days, but sometimes there are much more dire consequences. In the case of Brookside ENT and Hearing Center, the owners chose not to pay the ransom. As a result, the hackers wiped the entire system clean, including the deletion of payment data and patient information. This led to the decision to close the practice while the unintended violation of HIPAA compliance regulations could bring additional fees. Healthcare continues to be a cybersecurity target due to the richness of the data and its critical importance to the business. Cybercriminals aren’t discriminating – with each successful attack, the dark strategy may be refined to further zero-in on small and mid-size practices. “Unfortunately, it’s often smaller businesses that are most vulnerable to attack by cybercriminals as they frequently lack the resources and protocols of larger firms,” says Beazley Breach Response Services Head Katherine Keefe. One of the most important steps in protecting your organization’s PHI is to identify risk factors, especially in the case of legacy systems which can be an open door for attacks. A health practice’s best defense is to limit the number of systems it needs to protect. There are many business reasons to consolidate legacy systems into a single and secure archive, but perhaps the most important is the added security of having less systems at risk for attack. When considering decommissioning legacy systems and determining how to handle legacy data management to shore up the risk factor to your PHI, there are a few things you’ll want to ask any future archiving partner. As the number one firm in data extraction and migration as ranked by Black Book™, we’re also here to answer any questions you have on securing your legacy data. Ready to decrease your ambulatory practice system vulnerabilities and increase your security? We’re ready to help.