Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

What Does a Ransomware Attack Look Like to Patients?

Posted on June 14, 2021 by Meghan in Blog

What Does a Ransomware Attack Look Like To Patients?

One of my favourite podcasts is Help Me with HIPAA. This weekend I listened to Episode 304 Ransomware Creates a Social Media Privacy Violation Storm while I was spring-cleaning my yard.

Donna and David discuss in (almost) real time a ransomware attack that was currently occurring at the San Diego California’s main health systems, Scripps Health. The attack resulted in practically all of its technology being taken down. The EHR went down, patient portals were down, appointments had to be rescheduled, patients had to be diverted to other hospitals… even their website was down.

This podcast episode isn’t about the technology about ransomware. Donna and David walk you through the impact on patients – from the inconvenience and frustration to the disastrous consequences of not having health information available when it is most needed.

This gripping story reveals how communication failures, systems failures and a lack of information snowballed to negatively affect patients when they needed help the most.

My Takeaways From This Help Me With HIPAA Episode

Ransomware is nefarious and its impact is far-reaching.

  • Patient care is compromised – patient information is not accessible, and it is unknown what information can be retrieved and, if it is retrieved, if it is complete and accurate.
  • Privacy breach – obviously! The hackers have patient, employee and business information and have threatened to release it publicly.
  • BUT – employees are also continuously breaching privacy while they are responding to patient concerns on social media DURING the ransomware attack.
  • Employees cannot access their information to do their jobs – work schedules, payroll, portals to perform their jobs. So, alternate, unauthorized workflows are implemented to get the job done which subsequently results in more breaches.
  • While the press release from Scripps Health indicates that they have trained and prepared personnel, the communication from Scripps to patients, employees, and the public has been disorganized, conflicting, and continuously breaching privacy and confidentiality.

I urge you to listen to this episode (about 30 minutes).

Listen to the Help Me With HIPAA Podcast HERE!

[Start at 18:19 minutes]

What Would You Do?

How would you and your team respond to this type of privacy breach?

Share this episode with the members of your incident response plan. Then, use the scenario to conduct a table-top privacy breach fire drill using your privacy breach management plan.

These table-top privacy breach fire drills are a great demonstration of your commitment as an organization to ensure that you are protecting the privacy confidentiality and security of health information.

Now hop over and listen to the Help Me With HIPAA episode to better understand what a ransomware attack looks like to a patient.

https://helpmewithhipaa.com/privacy-questions-everywhere-ep-304/ [Start at 18:19 minutes]

Communication, healthcare, incident response plan, Patients, privacy, ransomware, ransomware attack

Pandemic Incident Response Review

Posted on May 15, 2020 by Meghan in Blog

Each healthcare practice has been impacted by the COVID-19 pandemic.

This is certainly a disruption to our business continuity and a risk to privacy and security of patient, employee, and business information.​

 

In this podcast on Practice Management Nuggets For Your Healthcare Practice, Jean L. Eaton shares a strategy to help you with your pandemic incident response review so that you can respond to a similar incident with confidence.

 

Jean Eaton's #1 Tip to Healthcare Providers and Vendors

Update your Pandemic Incident Response Plan! Click to Tweet

Each healthcare practice has been impacted by the COVID-19 pandemic.

This is certainly a disruption to our business continuity and a risk to privacy and security of patient, employee, and business information.

Each custodian and healthcare provider must maintain a written record of safeguards that have been implemented during the pandemic, ensure that these are communicated to their affiliates, and monitor to ensure they are followed.

  • What can we learn about the pandemic incident response so far?
  • As we prepare to re-open our practices, what can we anticipate?
  • If we experience a second wave and have to lock down again, are you prepared?

Jean L. Eaton

Jean EatonInformation Managers Ltd.

I am constructively obsessive about privacy and confidentiality in the healthcare sector–and I think you should be, too!

I offer tips, templates, and training to assist healthcare providers, clinic managers, practice managers, privacy officers and independent healthcare practice owners on practice management and privacy legislation that are actually fun and practical.

Your Practice Management Mentor and Your Practical Privacy Coach

 

Be sure to tune in to my podcast for tips on your pandemic incident response,

Pandemic Incident Response Review | Episode #088

 

Listen To The Podcast Here
#PracticeManagementNugget, COVID-19, healthcare, incident response plan, pandemic, podcast

How to prepare your business continuity plan

Posted on March 9, 2015 by Jean Eaton in Blog

In our Practice Management Nugget series on January 29, 2015, we spoke with Paul Kirvan of Paul Kirvan Associates (PKA) in our interview, Business Continuity (What’s the worst thing that could happen in your business?) Paul is a recognized leader in business continuity advisory services.

The business continuity (BC) planning process includes project initiation, risk assessment, business impact analysis, strategy development, plan development, plan exercising and maintenance, emergency communications, awareness and training and coordination with public authorities.

Tweet this – Paul’s #1 Tip: Have an emergency response plan for your organization.

No matter how large or small your health care practice legislation, regulation, and business common sense tells us that we need an emergency response plan to protect the safety and well-being of your patients and your employees. You can re-purpose the emergency response plan to develop a business continuity plan. Just make sure you focus on the people, process, facilities, and technology assets your organization needs to function normally.

Prepare your business continuity plan before you open your health care practice. It would be bad luck to have an emergency right away but, if you are prepared, it doesn’t have to be a disaster.

Start your business continuity plan

Your owner and the management team of your healthcare practice should be the champions of developing a business continuity plan in your practice. You might also include information technology support, human resources, building maintenance, media spokesperson ,and risk management advisor. It’s a good idea to set up a project plan, identify project objectives, and set target dates for completion of the assessment.

Assess your office’s critical functions and assets

Conduct an initial assessment of your practices’ critical activities and systems. The assessment sets a baseline that will help identify what is needed to move your organization to a place where everyone on staff is prepared to respond quickly and efficiently to a potentially disruptive event.

Identify potential threats

Potential threats to business continuityYour list of critical activities helps you identify the mission-critical functions of your practice that must be protected and recovered and the employee positions that must be maintained. Knowing this helps you determine your priorities for your next steps.

Develop the plan

Identify the strategies you’ll take to protect your patient/clients, employees, and mission-critical resources. This might include backing up or moving to another location followed by recovering the equipment and information and returning them to normal operations. Include a detailed evacuation plan that each of your employees can access both at work and from their home.

Incident response plan is a step-by-step plan for responding to the incident after it occurs. Include how you are going to make decisions and who has the authority to make decisions. Include detailed phone and contact lists. Make sure the plan is fully documented, both in hard copy and electronic formats.how-to-prepare-your-business-continuity-plan steps

Practice the plan

Exercise the plans periodically to ensure they work as designed and can recover critical systems and return operations to normal. Paul recommends exercising both business continuity and technology disaster recovery plans at least quarterly. Include emergency communications, awareness and training and coordination with public authorities.

A business continuity plan in your practice is critical to protect your employees, patients and your business to be prepared for a crisis. Your goal is to recover your health care practice to where it can provide patient care and support its clinical and administrative teams in a “business as usual” manner.

For more tips, tools, and resources that you can use right away to prepare for business continuity in your practice, see Paul’s interview.

business continuity plan, disaster plan, emergency preparedness, incident response plan, Paul Kirvan, Practice Management Mentor, Practice Management Nugget

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"I did think that the info session was interesting on how many tools can be created and intertwined for the use of the patient. I do find the sessions good."

--Practice Management Nugget event, 'Engage your patients using automated tools' with Karol Clark

- Debra from Spruce Grove

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.