March 25, 2023

Volume XIII, Number 84



Advice to Healthcare Providers on Ransomware from the Head of the FBI

On Wednesday, March 8, James B. Comey, Director of the FBI, was at Boston College to deliver the keynote address for the inaugural Boston Conference on Cyber Security (BCCS 2017).  Director Comey addressed various industry, cyber security, FBI, law enforcement and military experts in attendance regarding current cyber threats to both industry and government assets and the FBI’s approach to confronting them.   During his remarks, Director Comey was asked to opine on the biggest cyber threat to healthcare providers, to which Comey quickly responded, “ransomware.”

Ransomware is malware that installs covertly on a computer, tablet, or other mobile device and encrypts the victim's data, preventing access unless and until the victim pays the ransom, typically in the form of bitcoins. Healthcare providers are appealing ransomware targets because they are dependent on immediate access to real-time data in order to care for their patients. For those same reasons, healthcare providers often elect to pay the ransom to unlock their records, making them a lucrative target for hackers. Director Comey's advice to healthcare providers was twofold:

Never Pay Ransom: The advice to never pay ransom was echoed by a number of intelligence and security experts during BCCS 2017. According to Director Comey, the payment of ransom by one healthcare provider emboldens attackers and proliferates the attacks, placing other healthcare providers at risk.

Maintain Adequate Backup Systems:  Comprehensive business continuity plans and data backup are the only surefire way to continue critical operations following a ransomware attack and avoid paying ransom.

Director Comey also encouraged healthcare providers to work closely with the FBI by reporting all manner of cyberattacks, noting that industry and law enforcement collaboration is key to combatting cybercrime.

Speakers emphasized the importance of data backup, but also the importance of testing business continuity and data backup plans before a disaster. “An ounce of prevention can prevent a million headaches,” one speaker said.

©1994-2023 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
National Law Review, Volume VII, Number 69

About this Author

Dianne Borque
Of Counsel

Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process. In addition, Dianne currently serves as a Vice Chair of AHLA's...

(617) 348-1614
Cynthia Larose
Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...