Cyber attacks? Providers say they’re armed

Friday, June 9, 2017

YARMOUTH, Maine – A recent ransomware attack on healthcare organizations in more than a dozen countries served as reminder to HME providers of the importance of investing in cyber security.

Unlike a typical computer attack, in which hackers steal data, a ransomware attack involves using malicious software to encrypt documents, images and other files, essentially holding them hostage until the victim pays to have them unlocked.

“I like to think we’ve been vigilant all along,” said Chris Rice, CEO of Diamond Respiratory in Riverside, Calif. “We’re pretty adamant here about things that get plugged into computers and anything else we can do with regard to keeping anything malicious out.”

While the ransomware attack in May affected mainly large healthcare systems, everyone—big or small—is at risk, warn experts.

“The only value of the data is to the owner—they go after it because they know it’s crucial to run your business,” said Rob Duryea, president, VGM Forbin. “The thing about an HME, is they are a soft target, especially when they are smaller. But the hackers are not going to say, give me $1 million. They are going to make it affordable so they can get the money.”

Provider Glenn Steinke says he is one of those “small fish”—it seems like a hacker wouldn’t bother wasting time extorting money from him.

“Still, we received updates after the ransomware attack from our billing vendor reminding us of the precautions we need to take and we are already taking all of them,” said Steinke, owner of Airway Medical in Bishop, Calif.

Precautions include ensuring you have adequate antivirus protection, cautioning employees not to open attachments if they aren’t sure of the source, and conducting regular backups of data.

“I do daily backups to a cloud-based system and then also weekly backups to a hard disk,” said Steinke. “It’s one way to ensure you maybe don’t have to buy everything back from someone.”

Provider Joseph LaPorta says his company has invested “greatly” in cyber security over the past year.

“We’re updating security patches and using what they call protected methods, and we need to update our policies to add procedures to provide additional levels of security,” said LaPorta, CEO of Mount Laurel, N.J.-based Persante Health Care.“It’s an ongoing effort because the schemes and tactics continue to change.”