You have requested access to member-only content.

Ransomware is a new twist on an old crime

Hackers and malware are routine threats for most healthcare organizations, but this year saw criminals add a devastating tool to their arsenal: ransomware.

Although the dramatic increase in ransomware attacks against healthcare organizations is largely a recent phenomenon, ransomware itself is not new. According to the FBI, it's been around for several years, but the agency began to see an uptick in ransomware attacks in 2015, particularly against organizations. Early this year, the Department of Defense specifically warned healthcare organizations that they are a top target for ransomware. As ransomware continued to grab headlines and lawmakers called for official action, HHS released ransomware response and prevention guidance for healthcare organizations (www.aha.org/content/16/160620cybersecransomware.pdf).

State and federal lawmakers took notice as well. At a March 22 joint hearing of the House of Representatives subcommittees on Information Technology and Health Care, Benefits, and Administrative Rules, some lawmakers suggested HIPAA should be modified to specifically require covered entities and business associates to report ransomware attacks.

Security officers must act now to protect their organizations, and in turn, organizations must be prepared to invest in security and carefully follow related policies. The price for failing to do so could be high.

This is an excerpt from member-only content. Please log in or become a member.

Not a member? Join now!

Revenue Cycle Advisor is the key to your organization's Medicare regulatory news and education. It combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule updates thoroughly.

For questions and support, please call customer service: 800-650-6787.