Clinical Scorecard: What Should You Do If Your Practice Has Fallen Victim to a Cyberattack?
At a Glance
| Category | Detail |
|---|---|
| Condition | Cyberattack on healthcare practice |
| Key Mechanisms | Ransomware attack (GandCrab V5.2) leading to data encryption and potential PHI compromise |
| Target Population | Healthcare practices, specifically ophthalmic practices |
| Care Setting | Outpatient healthcare facility |
Key Highlights
- Talley Eye Institute experienced a ransomware attack in April 2019.
- The practice contacted the FBI and a health law attorney immediately after the attack.
- Data recovery involved a reputable decryption company rather than paying the hackers.
- No protected health information (PHI) was compromised despite the attack.
- The practice implemented hourly backups and enhanced cybersecurity measures post-attack.
Guideline-Based Recommendations
Diagnosis
- Assess the extent of the cyberattack and identify affected systems.
Management
- Engage law enforcement and legal counsel immediately.
- Utilize professional data recovery services for decryption.
Monitoring & Follow-up
- Conduct regular penetration tests and vulnerability assessments.
Risks
- Potential compromise of PHI and operational disruptions.
Patient & Prescribing Data
Patients of Talley Eye Institute, including new and follow-up patients.
The practice used historical data from previous tests and contacted ambulatory surgery centers (ASCs) for operative reports.
Clinical Best Practices
- Implement hourly data backups and ensure they are tested and encrypted.
- Maintain clear communication with staff and patients regarding data security incidents.
- Document and review cybersecurity policies and incident responses in board meetings.
This content is an AI-generated, fully rewritten summary based on a published scholarly article. It does not reproduce the original text and is not a substitute for the original publication. Readers are encouraged to consult the source for full context, data, and methodology.







