
An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals


How to Prevent, Detect and Respond to a Ransomware Attack

Steven M. Harris, Esq.  |  Issue: November 2017  |  November 8, 2017

It is recommended that you not pay the ransom. Doing so only funds cybercriminals and encourages them to continue their bad acts. More importantly, paying the ransom does not guarantee you will be able to regain access to the encrypted files. Victims who pay are often provided with inadequate encryption keys that either don’t work at all or decrypt only some of the files.

Instead of paying the ransom, restore affected files from reliable backups. Your IT manager or vendor should be able to assist with restoration. It is certainly a mitigating factor if you can conclusively prove that all affected data has been restored to the state that it was in immediately prior to the ransomware infection.


Once the forensic investigation and restoration are final, work with your legal counsel to analyze the incident. A risk assessment under HIPAA is a very complex analysis of the facts and their interplay with HIPAA. Therefore, it’s important to work with an attorney who specializes in data privacy. Failure to work with a specialist could result in an improper determination that a breach did or did not occur, which carries with it the risk of reputational harm, potential OCR investigations, and fines and penalties. For this reason, the analysis must be properly conducted by someone with significant experience.

Final Thoughts

The unfortunate truth is that in today’s age, it is not a matter of if a breach will happen, but when. Although this mentality seems pessimistic at best, treating data privacy in this manner will enhance your compliance and mitigate risks to your system. Taking a proactive approach to compliance enables you to determine your system’s weaknesses and overcome those weaknesses with little or no repercussions, as opposed to waiting for a breach to happen to rectify any system vulnerabilities.


Cybercriminals are becoming more and more sophisticated each day, so now is the time to evaluate your system and confirm that you are positioned as well as you can be in the event of a security incident. Don’t wait until it’s too late, or you may find yourself on the wall of shame.


Steven M. Harris, Esq., is a nationally recognized healthcare attorney and a member of the law firm McDonald Hopkins LLC. Contact him via email at [email protected].


  • Copyright © 2025 by John Wiley & Sons, Inc. All rights reserved, including rights for text and data mining and training of artificial technologies or similar technologies. ISSN 1931-3268 (print). ISSN 1931-3209 (online).