09 Dec 2019

There is a reason hackers have started targeting hospitals and medical practices.  Not only is their cyber security known to be woefully lacking (despite the best efforts of the U.S. Department of Health and Human Services [HHS] and HIPAA regulations), but the electric Patient Health Information (ePHI) can literally be life and death.  Meaning?  The healthcare industry has no choice but to pay up.

This is the exact scenario Virtual Care Provider (VCP), a Milwaukee-based company servicing over 100 nursing homes across  the US, found itself in last month.  They had to notify their patients that they did not have access to their medical records, meaning they were unable to communicate any prognoses to their patients, because they fell victim to a ransomware attack that was holding their ePHI hostage until the company coughs up a staggering $14 million in ransom.

On Nov. 18, the day after the hack was uncovered, VCP sent out notification to its clients that while they were figuring out if any of their PHI had been compromised, they did know that approximately 20 percent of their services were impacted, and they had to rebuild 100 of their servers.

What Hold Security, the company hired by VCP to investigate the breach, has discovered since that time is quite disturbing: they were breached by Russian hackers who used phishing emails to infect their network, undetected, over the course of 14 months.

Even worse?

VCP doesn’t have $14M to give to the cybernappers, resulting in many of their nursing homes being unable to:

  • Access the medical records of their patients
  • Use the internet
  • Issue paychecks
  • Dispense meds

Not only does this cause gave concern for many patients’s overall health, but it’s unknown if the facilities themselves will be able to brave this storm, as they are unable to bill Medicare or insurance companies for reimbursements.  The average ransom is just under $40,000, and it’s unknown why the hackers are requiring such a huge pay out, but what is clear is that VCP can’t pay what’s being demanded.

And do  you know the worst part of this all?

This situation was completely avoidable.  Had VCP been HIPAA compliant…  Had they trained their employees in cybersecurity… Had they, at the very LEAST, backed up their data… They wouldn’t be in this predicament.  Sure, it may be a bit costly to make sure the business’s cyber security is in check, but it wouldn’t have put them out of business, and it most CERTAINLY wouldn’t have put their patients’ health in peril.

Is your business HIPAA compliant?  Contact us today for a free consultation, and avoid these mistakes in the future.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top