Compass Network Group

The growing cyber threat landscape combined with HIPAA Omnibus Rule make Barracuda MSP data protection solution more valuable than ever to this MSP and its healthcare customers.

After being in business for more than 14 years, there aren’t many things that Mark Pontius hasn’t seen. As president of Compass Network Group, an IT solution provider (ITSP) that focuses exclusively on the dental market, Pontius has helped customers through disasters and tragedies ranging from the September 11 attacks and the Great Recession to a slew of natural disasters. One of the biggest lessons Pontius has learned from these experiences is that while human nature hasn’t changed, the threat landscape has gotten much worse.

HIPAA Omnibus Rule Enforces Healthcare Regulations

In the earlier days of Compass Network Group’s business, many dental practices had a dismissive attitude toward data protection. Some clients preferred to save money by handling backups themselves instead of paying Compass to manage it for them. Although Pontius didn’t feel 100 percent comfortable with this decision, there was only so much he could say or do to change a customer’s opinion.

That all changed, says Pontius, over the past few years, when two things happened. First, the HIPAA Omnibus Rule went into effect, and then ransomware became prevalent.

“The HIPAA Omnibus Rule mandates compliance standards for healthcare organizations and their business associates,” says Pontius. “As a technology solution provider for dental practices, we’re a business associate in the government’s eyes, and we share the responsibility of protecting their patients’ information. And, although these regulations have existed since 1996, when the Omnibus Rule went into effect, the OCR [Office of Civil Rights] started enforcing the rules and levying significant fines for noncompliance.”

Ransomware Takes Computer Threats to New Heights

In what would become a perfect storm, cyber threats ramped up in 2014 with retailers experiencing credit card breaches, followed by an onslaught of new malware called ransomware.

“Last summer we saw waves of ransomware pop up with various clients,” says Pontius. “In almost every situation, it started with an office worker clicking on an email attachment sent from an unknown sender posing as a carrier or bank. We try to educate clients about the importance of not opening unfamiliar emails, but some of them just can’t seem to help themselves.”

Last year, Compass Network Group responded to more than two-dozen incidents of issues caused by CryptoLocker, a type of ransomware. In a couple of instances, some customers fell into the same trap more than once. In every incident but one, Compass was able to restore the customer’s data to a pre-infected state with very little downtime.

Barracuda MSP Ensures Data Protection and HIPAA Compliance

“We use Barracuda MSP to provide our customers with an automated, HIPAA-compliant data protection solution,” says Pontius. “Barracuda Intronis Backup - MSP offers a comprehensive solution that features local and cloud backup and recovery capabilities. Plus, it supports the latest data encryption standards and can be managed from a user-friendly portal. What’s also nice is that with the pricing plan from Barracuda MSP we no longer have to worry about cost-per-gigabyte discussions and can focus instead on the value of data protection and compliance.”

As for the customer that got infected with CryptoLocker and wasn’t able to recover its data, Pontius says: “This was one of the few customers who refused to be on our Manged Backup plan. They insisted they ‘had a guy’ who supposedly took care of their backups, but it turned out he left the company many months before CryptoLocker struck. And their data had not been backed up since his departure.”

The client waited three days and eventually decided to pay the ransom, says Pontius. Luckily they were able to get their data back, but they still felt the sting of days of not being able to do anything on their computers, including taking x-rays, scheduling appointments, or billing clients. Now Compass’s Managed Backup offering, powered by Barracuda MSP, protects their customer’s data.

“And, you can be sure we’re sharing this client’s story with every new prospect we encounter who thinks their off-the-shelf backup software is good enough,” Pontius says. “That’s the kind of mentality that keeps cyber criminals in business—and threatens healthcare providers’ and business associates’ businesses.”