Ransomware by definition is a type of malicious software designed to block access to a computer system until a sum of money is paid. Although this form of cyber threat has been around for years, the healthcare industry has experienced a well-publicized surge of ransomware attacks. We live in a data-driven world. Ransomware is a quick, easy source of revenue for cyber criminals because providers cannot afford to lose access to critical data for any extended period of time. These attacks can leave an organization at risk of losing their HIPAA compliance, crippled with no access to critical information, and in a state of emergency. When medical devices, servers and computers stop functioning, it causes a substantial disruption in the flow of information, including but not limited to:
Any one of these can put patients’ safety and information at risk – opening up the possibility of a HIPPA violation. In fact, earlier this year the department of Health and Human Services (HHS), announced that any device that contains Personal Healthcare Information (PHI) which is infected with Ransomware must be reported as a HIPAA violation. Ransomware is evolving and becoming more advanced. It is not always an instant strike as it can infect a system, and sit dormant with the ability to access and copy data from servers and other unprotected medical equipment. In 2015, data breaches in health care totaled more than 112 million records. The healthcare industry needs to take the threat of ransomware seriously. Security is lax. Make your plans before there is a state of emergency.
Ransomware is not going away. Will you plan to do something about it BEFORE… it becomes an EMERGENCY?