Statistically, before you sell your practice and retire, you WILL be the victim of a ransomware attack. Le me tell you about a real-world situation that happened in my hometown last month (December 2020). A small dental office was the victim of a brutal ransomware attack. All workstations, all servers, and ALL THE BACKUPS were locked up. This is the second time they’ve been stung.
The first time was a few years ago and the ransom amounted to about $3,000. Painful, but recoverable.
This time, the ransom demand is . . . 10 bitcoin. At the time of the second attack, the value of a bitcoin was $19,000. The office decided not to pay up. They concluded they had moved all their data to a cloud Electronic Medical Records (EMR) provider. Now they find there is data on a server they desperately need. At the time of this writing the value of a bitcoin is about $36,000. Let’s do the math.
Currently the IT support staff has spent 200 work hours to clean it up. At $75 per hour. And they aren’t finished yet.
Cleanup cost = $15,000 (minimum)
December 2020 ransom = $190,000
January 2021 ransom = $360,000
All the lost sleep worrying about the ramifications = Tough to quantify
So if they decide they have to get the locked data back, and if the US Treasury doesn’t find out and fine them, AND if the HHS doesn’t find out and fine them, they will be out a minimum of
If the practice has been running for 15 years, plus another 20 years before being sold, AND you want to spread the cost over the entire life of the practice, that’s
$10, 714 PER YEAR!
And remember, bitcoin for ransom is NOT a business expense for tax purposes.