Our colleagues Alaap Shah and Stuart Gerson of Epstein Becker Green have written an Expert Analysis on Law360 that will be of interest to our readers: “Health Cos. Must Prepare for Growing Ransomware Threat.”
The following is an excerpt (see below to download the full version in PDF format):
Ransomware attacks have become big business, and they are on the rise. And entities in the health care and life sciences space have become primary targets of opportunity for attackers.
As the recent Colonial Pipeline Co. ransomware event illustrates, a small group of black hat hackers, living in protected status in nation states hostile to U.S. interests, can create massive disruption in our country’s infrastructure and well-being, and significant economic and other benefit for themselves and for the governments that support them.
Why is it that health care is such a prime target? The reason lies in the nature of the data that health care and life sciences companies and institutions create and store, and their relative vulnerability in the way they maintain and communicate it.
Health care entities are a treasure trove of cutting-edge research and information regarding pharmaceuticals, medical devices and other intellectual property that command great value. The protected health information that they store is of immense value, less with respect to identity theft, as is the popular notion, than it is as an enabler of fraudulent billing schemes that can quickly produce millions in revenue for hacking organizations.
And in the broadest sense, imagine, for example, the societal dislocation that a hostile digital intruder, or its sponsors, could cause if hospitals couldn’t provide services because their patient records were made inaccessible by ransomware encryption code. That kind of potentiality has been the reason why so many institutions and companies have caved in to ransomware demands.
Download Epstein Becker Green’s Ransomware Checklist for tips to proactively mitigate ransomware risk and for reactive measures to respond to a ransomware attack.