Ransomware Issues in the Healthcare Industry


Ransomware is the current hot topic in cybersecurity because its reach is essentially universal. Driving this trend, in economic terms, is that the value of having access to data often exceeds the price that could be assigned to the data itself, regardless of the industry. Because of the types of information it possesses, the healthcare industry is a particularly valuable and vulnerable target. This practice note discusses issues associated with ransomware attacks on healthcare institutions. It provides in-house and outside healthcare counsel, as well as compliance professionals, with a concise understanding of the mechanics of a ransomware attack and steps healthcare institutions can take to mitigate or prevent one. Furthermore, it explains how ransomware attacks intersect with the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule and how HIPAA's Security Rule can inform a healthcare institution's ransomware response plan.