BUSINESS

RANSOMWARE:

A Tale of Two Sites

                                 By David A. Schulz, CHP; CIPP

Name of Covered Entity  Individuals Affected                             Breach Submission Date Type of Breach

ABCD Pediatrics, P.A.   55,447                                           03/26/2017  Hacking/IT Incident

Urology Austin, PLLC    279,663                                          03/22/2017  Hacking/IT Incident

Source: U.S. Department of Health and Human Services: Office for Civil Rights

  When two nearby healthcare practices appear on the HIPAA               enhanced resistance; medical education relies on case studies of suc-
breach site for ransomware attacks within days, it is time to review     cessful outcomes.
this digital epidemic. San Antonio Medicine is grateful that both
practices, ABCD Pediatrics and Urology Austin, were forthcoming            Such outcomes tend to begin with “situational awareness.” At
about their experiences, how they withstood the onslaught. Ever          Urology Austin, Site Manager and IT Director Layton Smith noticed
since Hollywood Hospital made headlines last year by paying black-       the system being monitored — surveilled — for weaknesses. He
mail to regain access to its encrypted patient files, paying the perpe-  immediately contacted their managed services IT company, GCS
trator has become a common response. Here are two examples of            Technologies, a managed services company handling security for 450
                                                                         companies in Central Texas. Smith says, “GCS’s team got them —

                                                                                           continued on page 30
                                                                                     visit us at www.bcms.org 29