Categories: Cybersecurity, Health Information Technology, Privacy and Security Law
,

Our colleagues Alaap Shah and Stuart Gerson of Epstein Becker Green have written an Expert Analysis on Law360 that will be of interest to our readers: "Health Cos. Must Prepare for Growing Ransomware Threat."

The following is an excerpt (see below to download the full version in PDF format):

Ransomware attacks have become big business, and they are on the rise. And entities in the health care and life sciences space have become primary targets of opportunity for attackers.

As the recent Colonial Pipeline Co. ransomware event illustrates, a small group of black hat hackers, living in protected status in nation states hostile to U.S. interests, can create massive disruption in our country's infrastructure and well-being, and significant economic and other benefit for themselves and for the governments that support them.

Why is it that health care is such a prime target? The reason lies in the nature of the data that health care and life sciences companies and institutions create and store, and their relative vulnerability in the way they maintain and communicate it.

Health care entities are a treasure trove of cutting-edge research and information regarding pharmaceuticals, medical devices and other intellectual property that command great value. The protected health information that they store is of immense value, less with respect to identity theft, as is the popular notion, than it is as an enabler of fraudulent billing schemes that can quickly produce millions in revenue for hacking organizations.

And in the broadest sense, imagine, for example, the societal dislocation that a hostile digital intruder, or its sponsors, could cause if hospitals couldn't provide services because their patient records were made inaccessible by ransomware encryption code. That kind of potentiality has been the reason why so many institutions and companies have caved in to ransomware demands.

Download Epstein Becker Green’s Ransomware Checklist for tips to proactively mitigate ransomware risk and for reactive measures to respond to a ransomware attack.

Download the full article in PDF format.

Tags: Alaap Shah, Dark Web, Extortion, FBI, hackers, Health Information, Health Insurance Portability and Accountability Act, Health-Care, Life Sciences, Ransom, Ransomware, Ransomware Demands, Stuart Gerson, U.S. Department of Health and Human Services, U.S. Department of Homeland Security, U.S. Department of Justice, U.S. Secret Service
Back to Health Law Advisor Blog

Search This Blog

Blog Editors

Authors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.