Will You Pay the Ransom for Your PHI?

Over the past year, ransomware attacks have skyrocketed and experts worry the trend will continue.

Hackers took advantage of the COVID-19 pandemic and used ransomware to lock healthcare entities out of their systems, EHRs, files and patient data, demanding hefty ransoms.

Many healthcare entities face the difficult choice of whether or not to pay a ransom in the hope of regaining access to their systems and files.

While many entities have chosen not to pay the ransom and instead involve authorities, others have paid steep ransoms.

What is the downside to paying a ransom?

  • Other hackers will learn that you have a reputation for paying;
  • You may put your practice at financial risk;
  • Your patients and vendors will find out and will likely be upset;
  • You might have problems with future business dealings in the industry;
  • You will still have to deal with the ramifications of a breach;
  • You might not actually get your data back.

If you discover a hacker is holding your data hostage and demanding a ransom, you should inform law enforcement immediately.

You should also alert your healthcare attorney immediately to help you enact your breach response plan.

To protect your practice, the best thing to do is to have a breach readiness plan in place.

Know how your practice will respond in the event of a breach. Prepare your practice by installing firewalls and encryption software and by keeping ample backups. Make sure you have a comprehensive compliance plan that includes HIPAA breach prevention and reporting policies and procedures.

Having off-site backups of data can allow your practice to continue operating while locked out of your systems or records.

Additionally, it is essential that you train your staff to follow the guidelines in your HIPAA Compliance Plan. Be sure that your employees know exactly what to do if a breach occurs and how to report misconduct appropriately. Further, make sure that you have trained your employees well enough that their errors do not lead to system weaknesses or potential breaches.

We can help you create and implement a comprehensive HIPAA Compliance Plan, including the development of employee training programs. Call us today!
