Ransomware healthcare


June 1, 2018 | Reading Time: 2 Minutes

Another ransomware attack has been making headlines this week. This time, the attack targeted a mental health care provider.

The Minnesota-based Associates in Psychiatry and Psychology announced that it was targeted by a strain of ransomware on March 31, 2018.

Ransomware healthcare attacks are a growing threat to health care providers because of the significant value that health care data sells for on the dark web. A ransomware healthcare attack is a malware attack: the ransomware infects a given computer or network and encrypts the data stored within these systems. The hackers then contact the owners of the data and provide an ultimatum: pay a ransom fee by a certain date, or access to the data will be permanently barred.

Waves of ransomware healthcare attacks over the past few years have gotten so bad that the FBI has even released guidance on how to properly deal with an attack when your practice is affected.

Even though data can sometimes be retrieved by restoring from an off-site backup, Associates in Psychiatry and Psychology were not so lucky: Information Security Media Group reports that a spokeswoman from the organization confirmed that in the end, the ransom was paid to the hackers.

Growing Ransomware Healthcare Threats

Because healthcare data is so valuable to hackers, the threat that behavioral health professionals face is at an all-time high. And to make matters worse, the headache may not end once the ransom has been paid.

Health care data is considered protected health information (PHI) under HIPAA regulation. HIPAA defines PHI as any of 18 identifiers that can be used to identify a patient. Common examples include names, dates of birth, Social Security numbers, health care records, or addresses. In the event that PHI is breached, the practice that has been targeted must report the incident to the Department of Health and Human Services (HHS). From there, the Office for Civil Rights (OCR) may choose to launch an investigation into the breach. If a HIPAA violation is uncovered over the course of OCR’s investigation, that could mean civil monetary penalties, HIPAA fines, and even jail time for the practitioners responsible.

The best way to protect against a ransomware healthcare attack is through off-site backup for all data, full-disk encryption, and HIPAA compliance. By implementing a HIPAA compliance program with HIPAA self-assessments in tandem with these security measures, behavioral health professionals can ensure that patient data is kept safe, and mitigate the impact of HIPAA violations should they occur.
