Lessons Learned From Another Ransomware Attack
Menu

Another Ransomware Attack - Lessons Learned

Earlier this month I commented on a Los Angeles hospital’s computer system that was taken over by hackers, and the criminals demanded a ransom payment in bitcoin to release the electronic medical records.   The hospital ended up paying the ransom in 40 bitcoins (approximately $17,000), as demanded by the criminals. In that post I shared some technical advice from the Office of Civil Rights and the FBI to combat the risk of having your electronic records held for ransom.

There has been another news story about a ransomware attack, this time involving a hospital in Kentucky. At least two things are noteworthy about this recent attack:

  • The hospital regained control of its records – without paying the ransom (bitcoin was again demanded)
  • The virus was sent in a malicious email to an employee

 

The second point triggered what my IT team always says: viruses cannot get in themselves – they have to be let in by employees. So I wanted to remind folks of the simpler, less technical advice that may get forgotten:

  • Never open an attachment unless you know what it is, and you trust the sender.
  • Never click on a link in an email message unless you know where it points, and you trust the sender.
  • Never install software without confirming with IT that it’s OK to do so.
Posted:
Categories: PRMS Blog, EHRs, Electronic Health Records, Data Breach, Risk Management

PRMS®
4300 Wilson Boulevard, Suite 700, Arlington, VA 22203
(800) 245-3333  |  clientservices@prms.com

Privacy Policy | Business Associate Agreement | Terms and Conditions

Professional Risk Management Services® © 2024

Also of Interest:

Actual terms, coverages, conditions and exclusions may vary by state and are subject to underwriting. Insurance coverage provided by
Fair American Insurance and Reinsurance Company (FAIRCO), New York, NY (NAIC 35157). FAIRCO is an authorized carrier in California, ID number 3715-7.
PRMS, The Psychiatrists' Program and the PRMS Owl are registered Trademarks of Transatlantic Holdings, Inc., a parent company of FAIRCO.

Professional Risk Management Services (“PRMS”) provides the information contained in this website for general use and information. Information provided is intended to improve clarity on issues regarding psychiatry services and insurance coverage, and related issues regarding those services. This information is intended, but not promised or guaranteed, to be current, complete, or up-to-date. PRMS is neither a law firm nor a provider of professional medical services, and the materials on this website do not constitute legal, medical, or regulatory advice. You should not act or rely on any legal or medical information in this website without first seeking the advice of an attorney, physician, or other appropriate professional.