Thanks Tobin, and thanks for everyone else's input. I have been very busy and emotionally drained from this whole ordeal.
It is now obvious that UPDOX was NOT the source. In the "heat" of it all I thought it was. We do not know where the attack came from, likely never will.
Now have Malwarebytes real-time scanning on all computers. $3k for 20 stations for 3 years, but far cheaper than paying $70k (?) ransom for their data as UCLA recently did.
Java is now up to date. Some computers had old Java, as the Updox desktop app was not working with newer Java way back then. This issue has been corrected per Updox; it now works on the newest Java. It would have been nice for UPDOX to send a note about this; maybe they did and I did not notice. As we well know, inertia takes over and it is easy to let things be the way they are. It takes effort to change. "If it ain't broken, don't fix it." Well, it did break, big time. Well, at least the data was not compromised. IT tells me no data was ever transferred out, so you will not be reading about me in the NYTimes anytime soon. Maybe just as an epitaph.
All admin rights have been revoked. No one can stop antivirus / Malwarebytes scans anymore. No more installing programs on your own. A pain to have to ask for anything to be done, but such is life.
We were back to working order Monday, as if nothing ever happened. Minus 2 hours of work. And a lot more gray hair.
Part of the problem is that my associate and I usually access our office via RDP (used to be LogMeIn, but RDP is free) from different computers in different hospitals to do our charting. We also access other hospitals via RDP / Cisco (Methodist, Baptist, CSR) to view patient info on their EMR / PACS. We also access from home, but at least we have control over that. We have no way of knowing if one of those hospital computers had an infection and can't control for their antivirus / malware status.
Any advice in this regard would be appreciated. Obviously the best solution would be to have a completely isolated network, but that is not practical. We need real-time access to our data to best care for our patients, chart/bill, and keep our overhead low.