Healthcare Ransomware

Health Data Management has a nice article up with insights on healthcare ransomware from GreyCastle Security’s CEO, Reg Harnish. Reg made a great case for why healthcare is seeing so much ransomware: He contends that healthcare isn’t any more vulnerable to ransomware than other industries. But Harnish observes that—given the value of patient data and medical records—providers are the focus of cyber criminals who are targeting them with file-encrypting malware. “You take their data away, and it literally threatens lives, patient safety and patient care, so they are much more likely to pay a ransom,” he adds. I think healthcare organizations do respond differently to ransomware than other organizations and that makes them more vulnerable to an attack since many healthcare organizations feel it’s their obligation to maintain patient safety and that the ransom is worth the money so they can do no harm to patients. Reg also addressed whether paying the ransom in a ransomware incident was a good idea (it’s not): On the question of whether or not organizations should give in to the demands of cyber criminals using ransomware, Harnish says that GreyCastle never recommends paying a ransom. “There’s no guarantee that the ransom will work,” he warns. “If you pay the ransom, you may not get decryption keys. And even if you do get decryption keys, they may not be the right ones.” Further, Harnish cautions that those organizations that pay a ransom the...
Source: EMR and HIPAA - Category: Information Technology Authors: Tags: Healthcare AI HealthCare IT HIPAA General Security Rule #Ransomware Greycastle Security Healthcare Ransomware Reg Harnish Source Type: blogs