Leslie A. Rojas

05.16.2017

The largest cyberattack we have ever seen occurred last Friday, May 12, and is ongoing. How did this happen and what can we learn from it?

The attack employed ransomware, which is a type of virus that locks users out of their computer files and holds those files for ransom. The virus often enters the system by way of an email attachment. Once the virus takes over your system and locks you out of your files, the perpetrators demand the victim pay a ransom within a set amount of time. Depending on the sophistication of the chosen victim, the perpetrators will often demand tens of thousands of dollars in ransom. 

In this instance, the ransomware exploited a Windows vulnerability for which Microsoft had released a security patch in March. However, the security patch only protected against the virus if the systems were updated with the patch.

This recent attack highlights the importance of ensuring your computer systems are updated on a regular basis. Healthcare providers and businesses whose systems are held hostage by ransomware face exposure under HIPAA. However, on top of HIPAA concerns, healthcare providers and businesses may:

• Lose access to documentation needed to bill for healthcare services, resulting in significant monetary losses for services already rendered;
• Lose access to patient health records, which causes safety and quality of care concerns
  related to ongoing treatment; and
• Lose access to patient appointment programs, causing scheduling chaos for providers and patients.

Many providers have written policies requiring their employees to update their computer systems and anti-virus software on a regular basis. It is imperative that you remind your employees of this policy often and provide education on how to detect and avoid suspicious emails containing viruses.

Your Plunkett Cooney Healthcare Industry Group attorneys can assist you with your cybersecurity concerns. For more information, please contact Mark Kopson at mkopson@plunkettcooney.com.