May 27, 2025
I remember the day our med pass system
locked up. One minute I was charting vitals, the next—nothing but a spinning
wheel and staff panic. No access to records. Nurses re-logging 200 medications
by hand. It turned out to be a test run, not a breach. But it scared me enough
to never want the real thing.
Ransomware isn't just a buzzword. For
long-term care facilities, it can mean missed medications, wrong doses, frantic
families—and damage to trust that takes years to rebuild.
"Security is not a product, but a
process."
—Bruce Schneier
Real Consequences: The Carespring Case
In late 2023, Carespring Healthcare, which runs LTC and rehab centers in Ohio
and Kentucky, was hit with a massive ransomware attack. Over 77,000 individuals
had their personal and health data exposed. A class action lawsuit
followed—alleging poor data protection and delayed disclosure.
Those aren't just headlines. That's a nurse
trying to remember insulin doses without access. That's a daughter who trusted
you with her mom's care.
What Can You Do Right Now?
- Run a "what if" drill: If your EHR system went down, what would
your team do in the first 15 minutes?
- Confirm your data backups: Are they automated, offsite, and
tested?
- Ask your IT partner to simulate a phishing attack: See who
clicks—and then train, not blame.
This isn't about fear. It's about being
ready. Because ransomware doesn't target "techy" facilities. It targets
vulnerable ones.
"Great organizations face brutal
facts—and respond with calm, consistent action."
—Jim Collins, Good to Great
Interested in a conversation or want to
learn more? Call us or email michaelmoran@aresgrp.com.
