What is Ransomware and should I be afraid of it?
Ransomware is used by cybercriminals to require payment (“ransom”) from a business or medical practice by demanding quick and direct payment to release information that has been encrypted. Ransomware attacks have quadrupled this year, averaging 4,000 per day, according to the Justice Department. HHS has put out a “Fact Sheet” on “Ransomware and HIPAA” which treats ransomware as a notice-triggering data breach by default, unless it is determined via a breach risk assessment not to constitute or involve such a breach. There are key protections such as safe, segregated, and reliable backups and patching, monitoring, and training to avoid phishing. If your system or network is attacked with Ransomware contact your IT vendor or in-house service immediately. Make sure you also contact your HIPAA Privacy and Security officer to evaluate how this situation should be classified. This is more about the control of systems rather than breaches of personal information. As always review your policies and procedures and update and educate your workforce as needed.