Will You Pay the Ransom for Your PHI?

Over the past year, ransomware attacks have skyrocketed and experts worry the trend will continue.

Hackers took advantage of the COVID-19 pandemic, using ransomware to lock healthcare entities out of their systems, EHRs, files and patient data while demanding hefty ransoms.

Many healthcare entities face the difficult choice of whether to pay a ransom in the hope of regaining access to their systems and files.

While many entities have chosen not to pay the ransom and instead involve authorities, others have paid steep ransoms.

What is the downside to paying a ransom?

  • Other hackers will learn that you have a reputation for paying;
  • You may put your practice at financial risk;
  • Your patients and vendors will find out and will likely be upset;
  • You might have problems with future business dealings in the industry;
  • You will still have to deal with the ramifications of a breach;
  • You might not actually get your data back.

If you discover a hacker is holding your data hostage and demanding a ransom, you should inform law enforcement immediately.

You should also alert your healthcare attorney immediately to help you enact your breach response plan.

To protect your practice, the best thing to do is to have a breach readiness plan in place.

Know how your practice will respond in the event of a breach. Prepare your practice by installing firewalls, encryption software, and ample backups. Make sure you have a comprehensive compliance plan that includes HIPAA breach prevention and reporting policies and procedures.

Having off-site backups of data can allow your practice to continue operating while locked out of your systems or records.

Additionally, it is essential that you train your staff to follow the guidelines in your HIPAA Compliance Plan. Be sure that your employees know exactly what to do if a breach occurs, and how to appropriately report misconduct. Further, make sure that you have trained your employees well enough that their errors do not lead to system weaknesses or potential breaches.

We can help you create and implement a comprehensive HIPAA Compliance Plan, including the development of employee training programs. Call us today!
