The Rheumatologist
COVID-19 News
You are here: Home / Articles / How to Prevent, Detect and Respond to a Ransomware Attack

How to Prevent, Detect and Respond to a Ransomware Attack

• By

Nicescene / SHUTTERSTOCK.COM

Nicescene / SHUTTERSTOCK.COM

Every day, more than 5 million records are lost or stolen. That’s more than 217,000 records per hour, 3,600 records per minute and 60 records every second. Due to increasingly sophisticated hacking tactics and ransomware, it’s anticipated that the number of reported breaches will continue to rise at an accelerated rate.

In August, the list of reported Health Insurance Portability and Accountability Act (HIPAA) breaches broke a new record. More than 2,000 breaches affecting 500 or more individuals have been reported to the Office for Civil Rights (OCR) since 2009. It took nearly five years for the wall of shame to reach 1,000 breaches affecting 500 or more individuals and reporting has since increased due in part to OCR’s ramped up enforcement efforts, which seek to hold covered entities responsible for failure to report a breach within 60 days of discovery. This evokes extreme concern.

ADVERTISEMENT
SCROLL TO CONTINUE

In addition to the recent milestone, the wall of shame underwent a significant makeover in July, which now enables users to view breaches currently under investigation that were reported within the previous two years, all breaches reported more than two years ago and all breaches since 2009 for which OCR investigations have concluded. There is also a research report function that provides the total number of breaches reported to the OCR, regardless of whether they are still under investigation or when they were reported.

In light of this, it is critical that you assess your compliance with the HIPAA Privacy and Security rules and continuously educate staff on HIPAA compliance. Analyzing a security incident and determining that a breach occurred can be a complex analysis that significantly cuts into the 60-day notification window. You must understand the notification requirements to ensure that notifications are filed timely in the event of a breach. Understanding your legal obligations under HIPAA can reduce the risk of a security incident. The key is understanding your system’s vulnerabilities and what external threats may affect your security—and then educating your staff on those threats.

ADVERTISEMENT
SCROLL TO CONTINUE

Ransomware

One of today’s biggest threats is ransomware. In its June 12, 2016, guidance on ransomware, the U.S. Department of Health and Human Services (HHS) described it as “a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid.” After the data is encrypted, a ransom note typically appears, which demands payment (usually in cryptocurrency, such as Bitcoin) so the user can receive a decryption key.

ACR Convergence

Don’t miss rheumatology’s premier scientific meeting for anyone involved in research or the delivery of rheumatologic care or services.

Visit the ACR Convergence site »

Meeting Abstracts

Browse and search abstracts from the ACR Convergence and ACR/ARP Annual Meetings going back to 2012.

Visit the Abstracts site »

Simple Tasks

Learn more about the ACR’s public awareness campaign and how you can get involved. Help increase visibility of rheumatic diseases and decrease the number of people left untreated.

Visit the Simple Tasks site »