On Monday, July 11, 2016, Department of Health and Human Services' Office for Civil Rights issued a "Fact Sheet" on ransomware and the Health Insurance Portability and Accountability Act (HIPAA). The Fact Sheet cites a recent US Government interagency report that indicates, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300 percent increase over the 1,000 daily ransomware attacks reported in 2015). Ransomware exploits human and technical weaknesses to gain access to an organization's technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, the Fact Sheet describes measures known to be effective to preventing the introduction of ransomware and to recovering from a ransomware attack. The document describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role HIPAA has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.
展开▼