Alarming Rate of Ransomware Data Breaches Calls for Increased Protection in Healthcare Industry
Participants in the healthcare industry face a multi-front threat related to their information security practices and healthcare data: increased enforcement and fines by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR); increased scrutiny from plaintiffs’ attorneys and State Attorneys General; and increased threats from malicious actors.
Recent reports underscore this reality. The 2022 SonicWall Cyber Threat Report notes that the healthcare industry faced a 755% increase in ransomware attacks in 2021. The FBI also noted in its 2021 Internet Crime Report that the healthcare industry saw at least 148 ransomware attacks in 2021. The FBI’s report emphasized that healthcare organizations have increasingly become the most targeted industry for ransomware attacks. This is chiefly attributed to the sensitive patient information they possess and the general perception that they have weak security. Further, commenters have long noted that stolen healthcare data sells for a premium on the Dark Web.
COVID-19 further exacerbated the problem: to support a remote workforce, healthcare organizations and their business associates rushed to implement remote access solutions. In the haste, basic security practices were overlooked, and the resulting vulnerabilities were heavily exploited. This rapid transition was an additional factor that has made healthcare one of the most targeted industries for ransomware attacks.
HHS has responded with useful tactics for healthcare providers to protect their patients’ information. HHS’s Cybersecurity Coordination Center recommends that healthcare organizations use two-factor authentication with strong passwords and back up data sufficiently. Additionally, it recommends consistent use of the 3-2-1 rule: back up the data in three different locations and save it on at least two forms of media (with one of them stored offline).
Regulated entities are being aggressively pursued by criminal hackers, which amplifies the importance of seeking out specialized healthcare attorneys and implementing HHS recommendations. The Health Law Partners has a long track record of assisting its clients with proactively bolstering their HIPAA compliance programs, responding to breaches, and defending clients when OCR investigations ensue. Contact Clinton Mikel, Esq. (cmikel@thehlp.com; (248) 996-8510) or your current Health Law Partners attorney for additional information or assistance.