While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much bigger: ransomware attacks on hospitals and healthcare providers that seek not to breach patient information but to render it inaccessible until the organization pays a hefty ransom.
In just the past few weeks, the following major ransomware attacks on healthcare facilities have occurred:
- In February 2016, hackers used a piece of ransomware called Locky to attack Hollywood Presbyterian Medical Center in Los Angeles, rendering the organization’s computers inoperable. After a week, the hospital gave in to the hackers’ demands and paid a $17,000.00 Bitcoin ransom for the key to unlock their computers.
- In early March 2016, Methodist Hospital in Henderson, Kentucky, was also attacked using Locky ransomware. Instead of paying the ransom, the organization restored the data from backups. However, the hospital was forced to declare a “state of emergency” that lasted for approximately three days.
- In late March, MedStar Health, which operates 10 hospitals and over 250 outpatient clinics in the Maryland/DC area, fell victim to a ransomware attack. The organization immediately shut down its network to prevent the attack from spreading and began to gradually restore data from backups. Although MedStar’s hospitals and clinics remained open, employees were unable to access email or electronic health records, and patients were unable to make appointments online; everything had to go back to paper.
Likely, this is only the beginning. A recent study by the Health Information Trust Alliance found that 52% of U.S. hospitals’ systems were infected by malicious software.