Ransomware Is the New Normal. Is Your Practice Ready?
So here's something fun to think about on a Tuesday morning: a hospital in Los Angeles just paid hackers $17,000 in Bitcoin to get their own files back.
That's not a hypothetical. That's not from a movie. Hollywood Presbyterian Medical Center spent over a week locked out of their entire computer system after a ransomware attack in February. Staff were writing notes on paper. Patients were being diverted to other hospitals. And eventually, the hospital decided that paying the ransom was the "quickest and most efficient way" to get back online.
If you're running a dental or medical practice and you think this can't happen to you, I'd love to be wrong. But the numbers say otherwise.
Quick definition: Ransomware is malicious software that encrypts your files so you can't access them, then demands payment (usually in Bitcoin) for the decryption key. Think of it as someone changing all the locks on your office and charging you to get the new keys.
Why Healthcare Practices Are Targets
Here's what makes this personal for anyone in healthcare: you're sitting on exactly the kind of data criminals want, and most practices don't have the security infrastructure of a Fortune 500 company.
Think about what lives on your practice's computers right now:
- Patient records with Social Security numbers, dates of birth, and insurance details
- X-rays, treatment plans, and medical histories
- Billing records and credit card information
- Insurance claims with detailed personal data
A stolen credit card number is worth maybe $1-2 on the black market. A complete medical record? That can go for $50-100. Multiply that by however many patients you have, and suddenly your practice looks like a pretty attractive target.
But here's the thing that makes ransomware different from a traditional data breach: the attackers don't even need to steal your data. They just need to lock you out of it. And for a practice that can't see patient schedules, pull up records, or submit insurance claims, every hour of downtime is money walking out the door.
The Hollywood Presbyterian Timeline (It's Worse Than You Think)
Let's walk through what actually happened, because the details matter:
- February 5: Staff notice they can't access the hospital's network. Systems are down.
- February 5-12: The hospital operates on paper. Fax machines. Handwritten notes. Some patients are transferred to other facilities.
- February 15: After investigating all options, the hospital pays 40 Bitcoin (about $17,000 at the time) to the attackers.
- February 17: The hospital publicly confirms the attack and the ransom payment.
Ten days. A major hospital was running on pen and paper for ten days. The original ransom demand was reportedly $3.4 million. They negotiated it down to $17,000, which sounds like a bargain until you realize you're literally paying criminals to give you access to your own data.
What This Means for Your Practice
Let's bring this closer to home. You're a dental practice with 15 computers, a server, and maybe a NAS for backups. What does a ransomware attack look like for you?
- Monday morning: Your front desk tries to open Dentrix or Open Dental. It won't load. The database is encrypted.
- Monday morning + 10 minutes: You realize it's not just the PMS. Your imaging software, your documents, your spreadsheets, everything is locked.
- Monday morning + 30 minutes: You see the ransom note. Pay $5,000 in Bitcoin or your data is gone.
- The rest of the week: You're calling patients to reschedule, you can't submit claims, and your team is sitting around because they literally can't do their jobs.
Even if you pay the ransom (which the FBI recommends you don't), you've lost a week of productivity, you may need to report a HIPAA breach, and you've just funded the criminals who did this to you.
OK, So What Do I Actually Do About This?
The good news: the defenses aren't complicated. They just need to actually be in place.
1. Backups That Actually Work
This is the big one. If you have a clean, recent backup of your data, ransomware becomes an inconvenience instead of a catastrophe. But "we have a backup" isn't enough. You need to verify that your backups are running, that they're stored somewhere the ransomware can't reach (offsite or air-gapped), and that you've actually tested restoring from them. When was the last time you did a test restore? If the answer is "never" or "I don't know," that's your action item for this week.
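Here is what a scripted test restore can look like, as an added example that is not part of the original article. It assumes a zip backup that carries a manifest.json of SHA-256 hashes written at backup time and a nightly schedule (24-hour freshness limit); make_backup and verify_restore are illustrative names, not any backup product's API.

```python
import hashlib, json, tempfile, time, zipfile
from pathlib import Path

MAX_AGE_HOURS = 24  # assumption: backups run nightly


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, archive):
    """Zip src_dir and embed manifest.json with each file's SHA-256."""
    src = Path(src_dir)
    files = [p for p in sorted(src.rglob("*")) if p.is_file()]
    manifest = {p.relative_to(src).as_posix(): sha256(p) for p in files}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as z:
        for p in files:
            z.write(p, p.relative_to(src).as_posix())
        z.writestr("manifest.json", json.dumps(manifest))


def verify_restore(archive, max_age_hours=MAX_AGE_HOURS, now=None):
    """Return a list of problems; an empty list means fresh and restorable."""
    archive = Path(archive)
    if not archive.is_file():
        return ["backup archive missing"]
    problems = []
    age_h = ((now or time.time()) - archive.stat().st_mtime) / 3600
    if age_h > max_age_hours:
        problems.append(f"backup is {age_h:.0f}h old (limit {max_age_hours}h)")
    try:
        # Restore into a scratch directory, never over live data.
        with tempfile.TemporaryDirectory() as tmp, zipfile.ZipFile(archive) as z:
            z.extractall(tmp)
            manifest = json.loads((Path(tmp) / "manifest.json").read_text())
            for rel, expected in manifest.items():
                restored = Path(tmp) / rel
                if not restored.is_file():
                    problems.append(f"missing after restore: {rel}")
                elif sha256(restored) != expected:
                    problems.append(f"hash mismatch: {rel}")
    except (zipfile.BadZipFile, ValueError, OSError) as e:
        problems.append(f"restore failed: {e}")
    return problems
```

A backup that has gone stale, or an archive that was overwritten or encrypted in place, shows up as a non-empty problem list. The check covers freshness and restorability only; whether the copy sits somewhere ransomware can't reach still has to be confirmed separately.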
2. Email Filtering and Training
Most ransomware arrives through email. A malicious attachment, a link to a compromised website, a fake invoice from a vendor. Good email filtering catches a lot of this, but it doesn't catch everything. Your team needs to know what to look for: unexpected attachments, weird sender addresses, anything that creates urgency ("Your account will be suspended!"). Make it OK for people to ask "Is this legit?" before they click.
3. Keep Everything Updated
Software updates are annoying. They always seem to pop up at the worst time. But many ransomware variants exploit known vulnerabilities that have already been patched. If you're running Windows XP (and yes, some practices still are), or you're three months behind on updates, you're leaving doors wide open.
4. Limit User Permissions
Does your front desk receptionist really need admin access to the server? Probably not. The fewer people who can install software or access critical systems, the smaller the attack surface. This isn't about trust. It's about damage control.
The Hard Truth
Ransomware isn't going away. It's getting more sophisticated, more targeted, and more expensive. The criminals behind these attacks are running them like businesses, with customer support lines for victims who don't know how to buy Bitcoin.
The practices that survive this aren't the ones who never get targeted. They're the ones who have backups, training, and a plan. Hollywood Presbyterian got lucky with a $17,000 ransom. The next hospital might not be so fortunate. And a small dental or medical practice doesn't have a PR team and a legal department to manage the fallout.
Take 30 minutes this week. Check your backups. Talk to your team. Make sure someone is watching the door.
We're here if you need help.