Daniels Porco & Lusardi, LLP Daniels, Parco & Lusardi LLP
Consult With An Experienced Lawyer
845-350-2837 / 845-228-8041
practice areas

Health care organizations ill-prepared to fight against ransomware attacks

While, thankfully, reports of kidnappings and hostage takings are extremely rare on U.S. soil, U.S. companies and governmental entities are increasingly becoming targets of extortion cyber attacks called rasomware attacks. Using encryption viruses that are often disguised as email links or attachments, would-be thieves are able to access "compromised computer files" and essentially hold them ransom. In cases where a company fails to pay a Bitcoin ransom, the thieves threaten to delete all of the affected files.

While health care institutions have scrambled to ensure that they are in compliance with the Health Information Technology for Economic and Clinical Health Act with regard to the implementation of electronic health records, few have security measures in place to prevent against ransomware attacks.

In recent weeks, several hospitals reported being the targets of ransomware attacks, which confirms the vulnerability of patients’ health care records as well as a general lack of vigilance and preparedness when it comes to cyber security. However, some of the blame lays with legislatures whose efforts to pass HITECH along with its aggressive mandated EHR deadline, has exposed and thereby made it easier to exploit the health care industry's security weaknesses.

Currently, HITECH requires that health care organizations alert patients when their medical records are breached. However, nothing in the law pertains to ransomware attacks and the notification of patients whose records are frozen and in jeopardy of being deleted. To address this issue, the director of the Bureau of Consumer Protection at the Federal Trade Commission has called upon both Republican and Democrat lawmakers to pass legislation that would allow impacted patients to "seek civil penalties."

Source:  SC Magazine, "FTC, legislators call for improvements in health-care IT laws, including ransomware protection," Bradley Barth, March 22, 2016

SC Magazine, "An answer to ransomware?," Marcos Colon, April 1, 2016

No Comments

Leave a comment
Comment Information

Want To Learn More?

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy


Pawling Office
1 Memorial Avenue
Pawling, NY 12564

Phone: 845-350-2837
Fax: 845-855-5945
Pawling Law Office Map

Carmel Office
102 Gleneida Avenue
Barrister Hall
Carmel, NY 10512

Phone: 845-228-8041
Fax: 845-225-4262
Carmel Law Office Map

Review Us