Paying Ransomware fees may be a Federal Crime

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

On October 1, 2020, the Department of the Treasury issued an advisory on ransomware payments: “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”

The advisory goes on to state: “OFAC has imposed, and will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities.”

What does this mean for you?

If you are hit with a ransomware attack and the organization demanding money from you is a sanctioned organization, then paying the ransom may result in you being fined.

In this case the best defense is a good defense. A good defense includes:

  • Making sure all your vital data is backed up and that the backup is kept offsite. That way, should you be hit with a ransomware attack, you can restore your data from your off-site backup and do not have to pay a ransom to get your data back.
  • Secure your network. Make sure all your routers, switches and other connected devices are properly secured with the most up-to-date firmware and secure passwords.
  • Secure your workstations. Make sure that each person has their own account with their own username and password and that all passwords used to access workstations at your office are strong passwords.
  • Keep your antivirus software up to date.

These are just some of the steps you need to take to avoid a ransomware attack in the first place (best) or to be able to recover from a ransomware attack should you fall victim to this type of malware. There are many other things that need to be in place to best secure your work environment, including policies and procedures on workstation use, accessing web sites, accessing email, connecting devices to your local network, and other steps you need to take to optimize your security.

One of the ‘gotcha’ moments that can often occur is the result of being confident that everything is all set. We are all aware of the need to update our operating systems with security updates, but many providers are not aware that devices such as switches and routers need regular firmware updates. Now is a good time for you or your IT consultant to review all the devices on your network and make sure that they are all up to date with security and firmware patches. Something that you can do now is register these devices with the manufacturer. Once the device is registered, you will receive an email from the manufacturer when they release security updates. These emails can assist you in keeping your network up to date and protected from bad actors who may want to break into your network and steal your data.

TLD Systems is here to assist you in keeping your practice secure and minimizing the chance of a cyber terrorist wreaking havoc on your local computer network. For more information, please visit, email [email protected] or call (631) 403 6687

Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. Dr. Brody was a Residency Director at a VA hospital on Long Island and was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees need to adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick to create a platform that gives doctors who wish to work in private practice a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-Chair of the EHR workgroup at Health Level Seven International (HL7).
