Search Site

Health Care Organizations Ill-Prepared To Fight Against Ransomware Attacks

While, thankfully, reports of kidnappings and hostage takings are extremely rare on U.S. soil, U.S. companies and governmental entities are increasingly becoming targets of extortion cyber attacks called rasomware attacks. Using encryption viruses that are often disguised as email links or attachments, would-be thieves are able to access “compromised computer files” and essentially hold them ransom. In cases where a company fails to pay a Bitcoin ransom, the thieves threaten to delete all of the affected files.

While health care institutions have scrambled to ensure that they are in compliance with the Health Information Technology for Economic and Clinical Health Act with regard to the implementation of electronic health records, few have security measures in place to prevent against ransomware attacks.

In recent weeks, several hospitals reported being the targets of ransomware attacks, which confirms the vulnerability of patients’ health care records as well as a general lack of vigilance and preparedness when it comes to cyber security. However, some of the blame lays with legislatures whose efforts to pass HITECH along with its aggressive mandated EHR deadline, has exposed and thereby made it easier to exploit the health care industry’s security weaknesses.

Currently, HITECH requires that health care organizations alert patients when their medical records are breached. However, nothing in the law pertains to ransomware attacks and the notification of patients whose records are frozen and in jeopardy of being deleted. To address this issue, the director of the Bureau of Consumer Protection at the Federal Trade Commission has called upon both Republican and Democrat lawmakers to pass legislation that would allow impacted patients to “seek civil penalties.”

Source:  SC Magazine, “FTC, legislators call for improvements in health-care IT laws, including ransomware protection,” Bradley Barth, March 22, 2016

SC Magazine, “An answer to ransomware?,” Marcos Colon, April 1, 2016


1 Memorial Avenue
Pawling, New York 12564
Phone: 845-855-5900
Pawling Law Office Map


102 Gleneida Avenue
Barrister Hall
Carmel, New York 10512
Phone: 845-225-8404
Carmel Law Office Map

Washington, D.C. Office

1140 3rd Street, NE
Washington, District of Columbia 20002
Phone: 202-830-9532
Washington, D.C. Office Map
Contact Us

Contact Form