When COVID-19 was on the rise, ransomware attacks were right alongside it. A new investigation published in JAMA Health Forum found that ransomware attacks more than doubled in the last five years. Ransomware is software that is harmful to a computer network or server because it prevents users from accessing their systems and demands a ransom to restore access. In the healthcare industry, ransomware attacks are used to target healthcare data, including protected health information (“PHI”), and disable or encrypt access to records. The goal of the cybercriminals is to disrupt healthcare delivery, so the organization is pressured to pay the cybercriminal for releasing the data.

Just as exposure to COVID-19 increased, PHI exposure increased elevenfold from 1.3 million in 2016 to more than 16.5 million in 2021. Cyberattacks have, and will continue to be, prevalent across all industries, and the healthcare industry is no exception. Therefore, healthcare companies must take proactive measures to prevent cyberattacks, and Boards of Directors of such organizations have a duty to investigate options for protection and put appropriate ones in place. Findings from the investigation show healthcare organization employees are vulnerable to phishing emails, which is the entry point for ransomware attacks. Proper training and enhanced cybersecurity measures are worth the time and money investment to ensure ransomware does not disrupt healthcare delivery.

For more information on how your healthcare practice or facility can protect against ransomware attacks, please contact Michael T. Burke at mtburke@foxrothschild.com or (612) 607-7124.