Jon, you're right that I'm over-reacting, but not all of us have Russian friends who will take care of the problem for $300.
I too would gladly pay the $300. Would you pay $30,000+ for your data? I'm not worried about cryptlocker right now. They are treating every attack like it has the value of a home network. $300 is peanuts for our data. It is son of cryptolocker in the future I am worried about.
Soon, the data kidnappers are going to start going where the money is, and we are the sweet spot. It could get as bad as being rich in Central or South America. We don't have professional protection from an IT department and we just aren't going to get the justice system all excited about twisting arms in central Europe, but out data is worth 10-20% of our yearly income. As soon as they start targeting attacks, the pain will escalate.
I don't know if my business insurance covers seeing half as many patients a day for 6 months to rebuild patient data. I don't want to use savings to float the practice for 6 months. I do know I don't want the stress. I don't want to lose my nights and weekends.
We are living with bitcoin, the dark web, and criminal enterprises going where only geeks used to go. I think it is going to get worse. A disgruntled employee, a patient with a bad outcome or frustrated with your office. They might have revenge on their mind instead of venting to the State Board.
I know 2 physicians with data catastrophes. One a fire and one a theft. It left a mark on them.
