How to Defend Against the Rise of Ransomware

Tag Archives: EMR

How to Defend Against the Rise of Ransomware

defend against ransomware

Cybersecurity has been a major concern with the rise of ransomware incidents over the past few years. This form of cyber attack is an ever-growing problem that affects many industries but often targets healthcare organizations. By knowing what vulnerabilities to watch out for, using a secure Electronic Health Record (EHR), and educating your staff on security best practices you can protect your healthcare agency and defend against the rise of ransomware threats.

Ransomware is a form of malware that refuses access to the target’s data. Targeted organizations are asked to pay a ransom in order to recover their files and often paying that ransom is the most cost-effective way to get their data back. As such, ransomware has become a very lucrative criminal activity and continues to self-fund itself as the next generation of ransomware evolves to be even more sophisticated. With this, the cost of each ransom continues to rise as well. Healthcare providers are one of the most susceptible and impacted industries because of the wealth of sensitive, personal health information (PHI) files they contain. These records can be traded for hundreds of dollars each and are often sold several times. Healthcare system security is also often more vulnerable because security is often driven more by compliance than modern security best practices. 

This form of malware has the ability to infect any type of computer including mobile devices, IoT, routers, cloud storage, etc. but it often gains access through devices such as a printer, medical equipment, or other connected devices. When security scans are done by healthcare agencies to assess security vulnerabilities, often these devices are ignored because they are waived as low to medium vulnerability. It is often those low to medium vulnerability devices which are targeted; however, because they are often not prioritized to be secured and offer an easy way to gain access to your network. Make sure your healthcare agency is securing any and all vulnerabilities in your network and not just those which are flagged as high vulnerability targets. 

Additionally, make sure your EHR system is secure as it houses all of the records that threat actors are trying to gain access to. You can start by using an EHR with security certifications issued by reputable accrediting agencies such as databrackets. This will ensure your EHR has been audited on their ability to provide secure data management and is even more secure against the rise of ransomware. Extra layers of protection for your EHR like Multi-Factor Authentication is also recommended. Having an EHR vendor that provides regular data backups, a great incident response, and has contingency plans in place in the event of an attack are also advisable.

Finally, be sure your staff makes moves to increase security and protect patient data from ransomware. The primary ways that ransomware attacks happen are via malicious phishing emails meant to trick the recipient into disclosing login credentials. These credentials are then used to access your websites, applications and business data. The data they gain access to is then encrypted so that your agency cannot access it unless you pay the ransom. Because of this, oftentimes, the weakest security link at any organization is its employees. Educate all staff on password security, email security and not sharing work laptops with family and friends. Your staff should be informed that spam filters will not stop all malicious emails.  

According to an article by databrackets, ransomware attacks have cost U.S. healthcare organizations $157 million since 2016 and the individual ransom of 1,400 clinics, hospitals, and other healthcare organizations varied from $1,600 to $14 million per attack. Defending your organization’s data is more critical than ever, but if your staff follows these security measures, you can protect yourself from the rise in ransomware.

Finding a Trustworthy EHR Vendor

finding a trustworthy ehr vendor

Finding a trustworthy EHR vendor is important. The investment in a new system is significant and carries risks and consequences of failure. When your healthcare agency is shopping for a new EHR system, do your due diligence and vet your vendor as well. Do not exhaust your budget for a system that comes with hidden costs, fails to live up to expectations or is lacking support to go with the system you purchased.

Make sure any EHR vendors you are evaluating are providing a clear understanding of their pricing. Will they provide the total cost of ownership for their solution? Have you gotten deep into the process of consideration only to find they failed to mention additional fees like training? Be wary of hidden add-on costs after implementation also. If an EHR vendor has a lot of 3rd parties they work with instead of integrating their own tools they are likely to have additional costs. Stay within your budget and avoid being nickel and dimed. A trustworthy EHR vendor will outline all of their costs for you.

Other pitfalls to watch out for is vagueness on the part of EHR vendors about what their systems can do, having reputations for overpromising on development then failing to deliver, and lying about system functionality. A trustworthy EHR vendor will be clear on how their systems operate and will be happy to demo them for you. You will feel confident knowing what you are purchasing. A trustworthy vendor will also have a good track record of following through on development timelines and doing what they said they would. Be wary of EHR vendors whose customers have reviewed as selling a product that does not do what they said it would. 

Finally, in seeking out a trustworthy EHR vendor, make sure the vendor team is there for you beyond just the software itself. A great vendor will value relationships and collaboration and will form a true partnership with your healthcare organization. They will be responsive to your customer service and IT support needs, which will help your bottom line. They will also be responsive to your changing needs to meet compliance regulations, connect with different HIEs and immunization registries, and to adjust for improvements in your workflow. An EHR vendor you can trust is committed to your industry and operates as a living software that is constantly innovating for healthcare IT. Seek vendors that serve you while you serve the community.

Whether you are shopping for an EHR for the first time or limping along with one that nickel and dimes you, does not meet your needs, or fails to offer you proper support – remember you have options. Evaluate EHR Solutions and consider the importance of the people and company you are working with. Trustworthy EHR vendors will be transparent, have solid reputations and be committed to serving you.

Patagonia Health Joins the Carequality Network

carequality network

Patagonia Health, an Electronic Health Record (EHR) software company serving Public Health and Behavioral Health agencies, has now joined the Carequality network. Carequality is a national-level, consensus-built, common interoperability framework built to connect many health data sharing networks. Carequality currently coordinates care between 600k care providers, 50k clinics and 4,200+ hospitals. Interfacing with Carequality will help Patagonia Health’s customers access and transmit patient data more seamlessly between these other healthcare entities and speed up their administrative functions of obtaining health records.

Health Information Exchanges are nothing new yet these have been mostly disparate local or state networks. Carequality being a national network-to-network trust framework gives providers access to a much larger pool of patient data. Carequality can be leveraged by existing networks (HIE, Vendor, Payer, PHR, etc.) and service providers (e.g. record locator services) to enable the sharing of data across these diverse networks, services and their participants. The search feature on the Carequality website allows agencies to see which providers are sharing health data.  

“An HIE is only as strong as its HIE members,”  says Jolie Rollins, Sales Engineer, Patagonia Health. “The more stakeholders who contribute patient data on the network, increase the value to everyone on the network, driving better decision making and patient outcomes.” 

Using Carequality aids healthcare agencies’ workflow by allowing them to obtain patient data from or share patient data with more in-network providers. They would be able to receive and transmit patient information with any others in the Carequality network. This helps healthcare providers minimize their administrative functions. It eliminates several steps involving phone calls and faxes to request or send medical records. It also reduces wait times for that information exchange.

Patagonia Health is committed to pushing the future of healthcare forward with its innovative and secure EHR technologies. Their modern, cloud and apps-based solution is interoperable with tools healthcare agencies need and is certified for meaningful use. By interfacing with the Carequality network, this is just one further step Patagonia Health is making to better serve their customers in Public and Behavioral health. Streamlined solutions like these help keep the focus on patient care and away from the burnout associated with administrative tasks.

About Patagonia Health, Inc.

Patagonia Health, Inc. is a healthcare software supplier with a cloud and apps-based software solution that is designed specifically for Public Health Departments, Federally Qualified Health Centers (FQHC), Community Health Centers (CHC) and Behavioral Health agencies. Their solution includes an integrated, federally-certified, Electronic Health Record (EHR), Practice Management (PM) and Billing software. For more information, visit

Guidelines for Using Telehealth for Group Therapy

telehealth for group therapy

Group therapy uses many of the same approaches as individual therapy and research has shown it can sometimes be more effective. The use of group therapy during the social isolation brought on by the COVID-19 pandemic has proven more helpful than ever. Patients connected through virtual telehealth apps form a sense of belonging, build a support system, re-establish a sense of community, and reduce feelings of social isolation even while logging in remotely. While a great tool for behavioral health, using telehealth for group therapy does have some legal and ethical challenges to be cognizant of. However, the future of healthcare is moving towards more self-service options and telehealth is here to stay.

Privacy is a central concern in the legal and ethical framework of using telehealth for group therapy. Group therapy has been infrequently used in telehealth in the past so best practices and guidelines are still emerging. Privacy guidelines have been relaxed due to COVID-19 and the federal government has waived penalties for HIPAA violations through a “good faith” provision for telehealth for the duration of the public health emergency. However, psychologists should still refer to the APA Ethics Code and to the APA Practice Guidelines for Telepsychology

Create detailed consent forms so patients are aware of any risks, benefits and limits to confidentiality while using telehealth for group therapy. It should be clear that these sessions involve multiple people and are conducted outside controlled office settings. Have a policy in place on handling confidentiality breaches such as non-group members coming into the room and overhearing a meeting. 

Advise group members to login for their online session in a space free of distractions, other people and where they can speak freely. They should wear headphones or keep the volume low to prevent anyone nearby from hearing. Tell them to inform others near their location not to disturb them during meeting times. Form policies around whether patients can login via their phones or with their cameras off. Also consider if patients should be allowed to wear a non-threatening disguise to protect their identity while on camera. 

For the best security through your system, use a HIPAA-compliant telehealth platform as those have been evaluated for security, privacy and encryption best practices. Also consider using an embedded telehealth tool that is a part of your Electronic Health Records (EHR) system. That will reduce your workload, prevent errors and lower the risk of burnout. 

While there are many legal and ethical considerations surrounding using telehealth for group therapy, the benefits of group interaction are many. Increased access to healthcare is one of the primary benefits of telehealth. Beyond the COVID-19 pandemic, the future of healthcare can be improved with these telehealth technologies. We just need to move carefully forward while thinking about protecting patients’ privacy. 

Successful EHR Implementation: 7 Tips

successful ehr implementation tips

After you have chosen a new Electronic Health Records (EHR) solution, how do you smoothly transition to it? Follow these 7 tips for successful EHR implementation. 

Set realistic goals and expectations.

Is it realistic to think you will be paperless in 1 month? Do all of your programs need to go-live at once or is a phased approach better? What are the politics in your agency? Who is going to be the most resistant to change and maybe should not be a super user or the department to go-live first? Consider these things and set realistic objectives towards successful EHR implementation.

Keep everyone informed and involved.

Make sure your staff understands the goals for your new EHR solution and implementation timeline. Consider involving staff in the selection and implementation process also because participation increases adoption and excitement.

Keep leadership involved.

Keep leadership involved after the decision making process of selecting your EHR. Leadership should be visible, engaged with the training, open and communicative. Leadership sets the tone for the entire project and can help ensure successful EHR implementation.

Educate leaders on change management. 

Educate your leadership on change management. Like the stages of grief, there is an emotional reaction that comes from switching solutions. This should be expected and supported. Understanding the change management curve and appropriate responses will help your leadership team and staff through this process effectively. 

Be communicative with your vendor.

Be communicative and willing to work with your vendor. Seek out acceptable solutions for all involved when issues happen to be sure of a successful EHR implementation. 

Make it fun!

For go-live, consider bringing in breakfast or lunch. You can decorate the lobby.  You could also host an award ceremony at the end of the first month with awards such as: Super User in Training, Best Attitude, Most Helpful, Overcame Most Challenges, Department Most Likely to be Paperless, etc.

Evaluate training.

Before you consider your staff fully trained, assess whether your staff members have practiced multiple training scenarios and whether clinicians have dedicated time outside of their patient hours to learn the new system. Take the time to make sure all users are well versed in the new system and utilize all training available from your vendor.