The pMD Blog

Welcome to the
pMD Blog...

where we cover interesting and relevant news, insights, events, and more related to the health care industry and pMD. Most importantly, this blog is a fun, engaging way to learn about developments in an ever-changing field that is heavily influenced by technology.

Ransomware’s Impact on Health Care

There have been a number of news stories recently which have highlighted the potential impact of ransomware. Being unable to admit patients, or worse, unable to provide critical care in a life and death situation, are the stuff of nightmares for health care providers. The changing landscape of health care due to COVID-19 has further disrupted the ability of health care organizations to mitigate the impacts of cyber threats. As more workers require remote access to hospital systems, more avenues of attack become available to hackers. It is now more important than ever to be aware of ransomware and broader cybersecurity threats.

What is ransomware?

The FBI defines ransomware as "a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return". Like many other viruses and malware, ransomware typically finds its way onto computers accidentally through unaware users installing or downloading it. In contrast to other computerized threats, ransomware is primarily used to extract payments from affected individuals directly. 

How does it work?

Ransomware generally requires some action on the part of a computer user to begin its work. This is often achieved through phishing scams, or more targeted “spear phishing” emails that are used to trick users into downloading ransomware. Once the software is installed on a computer, it will lock the user out of the computer, encrypting the data on the drive so that it can’t be readily recovered. The more advanced and dangerous versions will also worm their way through attached network drives and other systems that the infected computer is able to access. Often, ransomware has the biggest impact on large, connected networks like those you would find in a modern hospital system.

More infamous ransomware, such as WannaCry in 2017 and Ryuk this year, have made headlines with their financial impacts. Other instances have more dire consequences, as in the case of Düsseldorf University Hospital. As a result of ransomware, a patient was unable to be admitted to the hospital. Instead, the patient had to be rerouted to another hospital farther away and died in transit. The hospital’s admission systems remained affected for more than a week.

How can health care organizations prepare & defend against ransomware?

(1) Keep operating systems and software updated. Install and use updated antivirus to perform regular scans

The vast majority of these attacks take advantage of vulnerabilities in software, many times for known problems that could have been mitigated or prevented by up-to-date software. As organizations decrease the number of insecure and outdated software systems running in their network, the likelihood of a successful ransomware attack decreases.

(2) Educate members of your organization about social engineering

Social engineering relies on subtle tactics, such as posing as a trusted source or creating a sense or urgency, to trick individuals into downloading malicious software or divulging sensitive information. Email phishing scams are a frequent vehicle for ransomware. By encouraging individuals to think critically before clicking unknown links, organizations are less vulnerable to ransomware.

(3) Perform frequent backups of critical systems and data and store them in another location

Ransomware’s biggest threat is preventing access to critical systems or data. By backing up and maintaining systems in another physical location and on another network, successful ransomware attacks will have less data and system access to ransom in the first place. 

(4) Practice and plan for the possibility of a ransomware attack

Being prepared to restore access and data in the event of a ransomware attack is just as important as prevention. The financial impact of a day’s worth of lost business pales in comparison to a month of loss. When data can be easily recovered, there is little reason to pay the ransom for lost data. 

If the organization suffers a successful attack, having a response and restoration plan can make a world of difference. Be sure to regularly test the efficacy of your plan to ensure the process stays current and succeeds in restoring the most critical systems.

Additional Resources:


To find out more about pMD's suite of products, which includes our charge capture and MIPS registrysecure messagingclinical communication, and care navigation software and services, please contact pMD.

5G ACA Account Management accurate coding ACI adoption Advancing Care Information Advice AHCA AHRQ AI Alternative Payment Model Amazon S3 Android API Apple appointment reminders Artificial Intelligence arts Audit Award Bay Area BCRA Benefits Best Place to Work Best Practices Big Data Billing Billing & Collections Billing Service Billing Services bootcamp BPCI BPTW Bundled Payment Model Bundled Payments Business relationships Care Communities care coordination Care Navigation Care Team Career Fair CDC Charge Capture Charge Capture App Charge Capture Software Charge Capture Solution Charge Capture Statistics Charge codes Charge Lag Charge Reconciliation CHIP CIO Claims Clinical Communication clinical data Clinical Data Registry Clinically integrated network Cloud CMS cms regulations Coding Collaboration Communication Company Culture Conferences Connected Health Record contact practice Coronavirus COVID COVID-19 COVID19 Cross-functional culture custom reports Customer Interaction customer relations customer service customer success customer support Customers Cyber Security cybersecurity Developer DHHS Diagnosis codes Dialysis discharge instructions Doctor EHR elderly Electronic Charge Capture Eligibility EMR Encryption End-to-End Platform epidemic Expansion FDA FHIR Flu fundamentals gamification Gen Z GI GI Outlook Goals group messaging Health Care Health Care Technology Health Care Web Health Care. Health Care IT health data Health Information Exchange Health Record Healthcare Healthcare Data healthcare interface healthcare interface integration healthcare software HIE HIPAA HIPAA Compliance hipaa compliant communication hipaa compliant communication platform HIPAA-Compliant Hiring HL7 Holidays Home dialysis Home Health Hospital Census Hospital Communication humanity IA ICD-10 ICD-11 Immunizations Implementation Improvement Activities in-app calling inclusive software incorrect billing increase revenue injury rehabilitation innacurate coding Instant capture Integration interface interoperability iOS iOS 8 iOS7 iPad iPhone iPhone 6 IT Lead Generation length of stay LGBTQIA Long Term Care LTC Machine learning MACRA Medaxiom Medical Billers Medical Billing Medical Billing & Collections medical billing denials and solutions Medical claims Medical Coding medical coding accuracy medical coding quality Medical Errors medical practice revenue Medical Record Medical Software Medicare Mental Health Mentorship Messaging Messaging with Patients MGMA MIPS MIPS Registry mobile Mobile App Mobile Charge Capture Mobile EHR Mobile Health Mobile Messaging Mobile Payments Mobile security Mobile Software Mobile Technology Mobile telehealth Modern Healthcare Native App natural language processing Network new feature new features news NIH nlp OCM onboarding Oncology Care Model operations opioid crisis Pandemic Parenting Partnership partnerships Patient Patient access Patient Adherence Patient App Patient Care Patient Chat Patient chat routers Patient Communication patient data Patient Engagement patient experience patient experience cycle Patient Generated Health Data Patient Handoff Software Patient Information Patient Messaging patient outcomes Patient payments patient portal Patient Record Patient Safety Patient satisfaction Patient Simulators patient support Patient Visits Patient-Centric PCP Performance bonus PHI Phishing Scams Physician Physician burnout pmd pMD Pro pMD Team population health Population Health Management Post-COVID PQRS Practice Management Pregnancy Press Release Product Development Productivity products Promoting Interoperability Protected Health Information QCDR QPP Quality Data quality reporting Quality Scoring Ransomware RCM Recruiting Recruitment Reimbursement remote jobs Remote Work Reporting reports Residents Responsibility revenue cycle management ROI Rural communities Ryuk Sales Secure Communication Secure Data Secure Messaging Secure Messaging Video Secure Text Messaging Secure Video Secure Video Chat Security Audit self care seniors sexual orientation and gender identity SF Biz Times SMB SNF SNOMED-CT SOC 2 software vendor SOGI Spear Phishing Specialty Care success support TCM TDM Team Team culture Teamwork technology telehealth telehealth reporting Telemedicine telemedicine in long term care Telemedicine skilled nursing facilities Teletherapy Text Messaging texting Thanksgiving Therapeutic Drug Monitoring time-based billing training transgender Travel Upgrades UX Design VA vaccination records vaccinations Vaccine Value-based care Video Calling Video chat video communication video conferencing Virtual Care Virtual Visit voice calling voice memos WannaCry Wearable Device wearing many hats Web App wellness wfh Wireless Work From Home Work Life Balance Workflow optimization Workplace Culture