Cyber Security in the Healthcare Back Office - Lowering Ransomware Risks

As the number of cyber attacks continues to increase annually, it’s becoming more imperative for businesses to have a proper defense against them. Bank Info Security recently elaborated on the FBI’s finding that the healthcare industry experienced the most ransomware attacks in 2022.

The article quickly reminded us why Prochant went through the rigorous process of becoming HITRUST CSF Certified. Rachel Schools, our Senior Consultant and co-host of The Modern Healthcare Back Office, took the time to explain what ransomware is, how it’s affecting healthcare, and what providers can do to protect themselves. 

How Attacks Happen

A ransomware attack typically takes place after an individual clicks on a link they shouldn’t. Text messages and emails are the most common vehicles for facilitating ransomware attacks. Once they click the link, a program infiltrates their system and then spreads to their servers, where it inevitably locks them out of their data and the tools they need to do their job until a ransom is paid.

The demands attackers make usually vary based on the size of the organization. More often than not, they’ll ask for a sum that’s large enough to make a profit, but not so large that the victim reports it to the authorities. Waiting for the authorities to get involved isn’t really an option in the healthcare industry, considering some people’s lives depend on their order getting filled.

Once Attackers Are In

After they enter your system, they are able to access your data and the personal data of your clients and patients. Failure to keep patient information secure is a massive HIPAA violation that can result in your business having to pay a fine. 

Financial repercussions aren’t the only potential threat associated with ransomware. Since healthcare records contain highly sensitive personal information for each patient, any compromised record puts that patient at risk of having their identity stolen.

Preventing an Attack

Fortunately, there are a number of actions providers can take to prevent an attack from taking place. For one, regularly backing up your equipment and your database to offline sources is important. 

With regular offline backups, a business can still access its information through a separate channel if it gets attacked, so the only thing it is out is the equipment that’s locked.

Practice minimizing your digital footprint by not exporting and saving sensitive data onto your personal computer. When you reduce the amount of valuable information on your computer, it decreases the attacker's leverage in a ransomware situation. 

Two-factor authentication is another effective tool for fending off ransomware attacks. Two-factor authentication is an identity and access management security method that requires two forms of identification to access resources and data on a device. 

Employees need to be perpetually trained on the latest cyber technology and security threats, since they’re ever changing. This is where Prochant’s HITRUST CSF certification becomes helpful, because in order to remain certified, we have to update our security methods a couple times a year to match their rigorous safety standards. 

Vulnerability assessments are an invaluable resource for exposing areas and employees that are susceptible to attacks. Keeping your employees on their toes is the best way to stay vigilant against these types of cyber threats.

One way to run a vulnerability assessment is to have your IT department send out a text message or email that mimics a ransomware attack. If an employee happens to get tricked into clicking it, immediately call them into your office and let them know what they did wrong. 

Pick Your Vendor Carefully

If you're a company that utilizes a third party to handle some of your back office processing or revenue cycle management, make sure they're equally equipped for combating cyber threats. When work gets outsourced, the business that completes it is just as likely to become a victim of an attack.

Every person in that third-party organization has the ability to lose classified information regarding your patients. A rule of thumb for choosing a vendor is that they should be HITRUST CSF Certified or at the very least HIPAA certified.

Data Conscious

Organizations need to be confident all of their employees are aware of the different ways an attack can be carried out. When individuals are aware of the various tactics scammers use, it significantly reduces the chance of them getting tricked by one. 

Considering cyber attacks have the ability to debilitate both your patients and your business, organizations need to be certain their defense system is foolproof. Hear all the cyber security tips our experts suggested in the full episode of The Modern Healthcare Back Office.


Prochant has a proven track record of helping HME and pharmacy providers meet their financial goals. Our scalable solutions, years of experience, and advanced technology provide best-in-class results to the healthcare community. Headquartered in Charlotte, North Carolina, our client base includes national pharmacy and HME providers and health systems.