Healthcare providers face increasing risks of illegal medical record disclosure and undermined patient care as a result of cyber extortion schemes, according to Bloomberg BNA. Here are nine key points.
1. In a basic cyber extortion scheme, a hacker blocks healthcare data and makes financial demands in exchange for recovered access.
2. Hackers can disrupt treatment at healthcare facilities by blocking service on certain medical devices. They can also take medical records captive or shut down entire computer systems.
3. Without the crucial patient information contained within EHR systems, providers would be unable to treat patients.
4. Greenfield, Ind.-based Hancock Regional Hospital paid $50,000 to restore access to its computer systems in early January.
5. Ransomware is a cyber extortion scheme involving hackers threatening to publish stolen data unless the victim pays a ransom.
6. The HHS Office for Civil Rights warns that denial of service and distributed denial of service attacks, in which hackers overload systems with information and traffic, are increasingly common.
7. Experts recommend that healthcare facilities employ training and education programs. "Running drills that involve sending fake, suspicious-looking emails to employees is one tool that facilities can use to see just how effective their training programs really are, and alert them to which employees may need extra training," said Jeremy Sherer, a health-care attorney at Hooper, Lundy & Bookman PC in Boston.
8. W. Reece Hirsch, a healthcare attorney with Morgan, Lewis & Bockius LLP in San Francisco, urges attacked organizations to collect information on the type of malware present, its algorithmic processes and whether data was stolen.
9. HIPAA's security rule requires organizations to establish plans to back-up sensitive data. Healthcare organizations can periodically test these plans as a precaution.