Dan,

I think you may be overthinking this a bit. And, a bit too worried. With Cryptolocker you sometimes get your data back. With other malware, you can't even run your computer.

Encryption is only in effect when the computer is off. Not many viruses get in those. It's not encrypted when it is running and most servers run 24/7. The key is to back up to an encrypted drive. Or disconnect as you say.

It is not feasible to do a full backup online each day. A GB of data just takes too long. What you are doing is fine. Diff, incremental or dedupe is the only way to go. That is why some of these online services provide sending a hard drive of your data overnight. And, in much the same way, "seeding" your backup.

I am way over the top as I do two full backups each night. I have five drives to back up to, so I end up with thirty or so backups; 25 or so are likely useless for restoring -- just good for finding a file.

What software are you using for backups? Taking drives home is a great way to go, except we all end up forgetting. You are better off having a company put a safe into the floor and putting the backup there.

You are right to be worried. But, the key is backups, backups, backups. With Cryptolocker you will only be 24 hours behind. The backup just done could be infected. The one prior won't.

Remember the mantra: Once infected, always suspected.

Oh and the answer to your question for the best encryption software:

Free: TrueCrypt

Pro: jetico.com

But, you sound like you are at the point where you may want to go with a professional backup system such as Zetta and Barracuda. But, they are pricey.

If you take home the drive, you best be sure it is encrypted. A non-encrypted drive with PHI that gets stolen is a serious HIPAA offense. And, if it is encrypted, why take it home? If someone steals it from your office you don't look that bad, but if they grab it from your car, you do.


Bert
Pediatrics
Brewer, Maine