Employers: Are You Ready for a Cyberwar? Attackers Using Ransomware are Saying Show Me Your Bitcoin!

May 22, 2017

Recently, the WannaCry ransomware attack impacted 150 countries and over 300,000 computers. Not all ransomware attacks are so massive but they all are fast moving and require swift action to prevent destruction and loss of data. In particular, employers who experience a ransomware attack must consider whether there is an impact on the protected health information that is maintained by the employer in connection with its group health plan. Ransomware has the potential to encrypt data that is open and accessible to the user. For example, an HR professional who experiences a ransomware attack on his or her laptop while a program that maintains protected health information is running will expose that protected health information during the attack. In order to unlock data, attackers ask for a monetary payment and more sophisticated hackers will often ask for bitcoin or other payment methods that are more difficult to trace. An employer must do more than pay the attacker to unlock its data. The employer must consider its responsibilities under the Health Insurance Portability and Accountability Act (“HIPAA”) and determine whether such attack requires notification to individuals and the U.S. Department of Health and Human Services (“HHS”).

Read "Employers: Are You Ready for a Cyberwar? Attackers Using Ransomware are Saying Show Me Your Bitcoin!"