Hospitals and healthcare organizations are not safe from ransomware attacks. Because patient data is so valuable, the number of cyberattacks targeting the healthcare industry has risen significantly since the COVID-19 pandemic.
Medical record breaches are a serious issue that every healthcare organization needs to address. Hospitals and other healthcare institutions can take steps that proactively prevent ransomware attacks and, with a pre-existing plan, help quickly resolve any attacks that do occur.
What Is a Medical Record Breach?
A medical record breach is an incident that endangers or compromises patient confidentiality. Cyberattackers may encrypt medical data, threaten to publish it, and/or illegally sell it on the virtual black market if a ransom is not paid.
What Are the Consequences of a Medical Record Breach?
Every healthcare organization has a moral obligation to protect the confidentiality of its patients’ medical records. Additionally, organizations may face penalties for HIPAA violations, depending on the severity of the attack and how proactively or responsively the organization acts. HIPAA categorizes violations in the following way:
If the organization “could not have realistically avoided” the ransomware attack, penalties can range from $100-$50,000 per incident (up to $1.5 million).
If the organization “should have been aware of but could not have avoided even with a reasonable amount of care,” it may face penalties ranging from $1,000-$50,000 (up to $1.5 million) per incident.
If the organization acted with willful neglect but corrects the breach quickly (within 30 days), it may face penalties ranging from $10,000-$50,000 (up to $1.5 million) per incident.
If an organization acts with willful neglect and takes no steps to make corrections in a timely fashion, it will face penalties of at least $50,000 per incident (up to $1.5 million).
In some cases, HIPAA violations can also lead to criminal charges, and violators may be prosecuted at the state level, by the Attorney General, or by the United States Department of Justice.
How to Prevent Ransomware from Breaching Medical Histories
The best way to prevent ransomware from breaching medical histories is to take preventive action. Partner with cybersecurity service providers who understand HIPAA compliance and can ensure your organization is well protected. One of the most secure places you can store sensitive data is cloud-based storage, which is difficult for cybercriminals to infiltrate but easy for your organization to update and manage.
Also look for services that offer security awareness training, which can help empower everyone in your organization to respond appropriately to ransomware so that it cannot spread within your organization.