UPDATE: I found and wrote this before the huge worldwide ransomware attack over the weekend. Some have dubbed the attack an opening salvo in World Cyber War I.
…the real surge in healthcare data crime is expected in ransomware in which a data thief holds a patient’s records for ransom. According to a recent U.S. Government report, there have been approximately 4,000 ransomware attacks per day in 2016 – a dramatic increase over the 1,000 attacks per day reported in 2015.
Three dental offices at my recent session in Utah reported a recent ransomware attack. According to law enforcement stats, 88% of newly reported ransomware attacks are targeting medical and dental offices.
The Utah offices were able to trace the attack to a malicious e-mail that a staff person opened and acted on. One e-mail advised the office of a UPS package that they needed to pick up and a second was supposedly an update of Adobe Acrobat.
If you become a victim of ransomware, you have little recourse but to pay up. Usually the ransom (in bitcoins) is under $10,000 and you have a very limited time to pay, like 48 hours. You should report the attack to law enforcement.
Ransomware is almost by definition a HIPAA violation. HIPAA not only requires you to protect your data from exposure, it requires you to protect it for future use. You are considered the custodian of the data for future patient use, and if you lose it, you are in violation.
More to come