February 7, 2023

Volume XIII, Number 38


February 06, 2023

Subscribe to Latest Legal News and Analysis

Increased Threat of Cybercrime in Healthcare Industry

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) are aware of an increased cybersecurity threat to hospitals and healthcare providers in the U.S.

This client alert is to make you aware of this increased threat and provide you with information and resources that can help you avoid, mitigate, and respond to such threats. 

What Is Malware?

Much like the virus that poses a threat to our personal health this year, "malware," a portmanteau for malicious software, is a computer virus that poses a threat to information security. 

The reason malware successfully causes damage to a computer, server, or computer network, is that it is often disguised as harmless.  Once it is inside a computer system, it can produce copies of itself and insert them into other computer programs and files. Most malware is designed for the cybercriminal to intentionally steal personally identifiable information, financial information, and other sensitive information.  For the healthcare industry, this threat extends to unauthorized access and disclosure of demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual ("Protected Health Information" or "PHI").

What Is Ransomware?

Ransomware is a specific type of malware that disables the victim's access to data until payment is paid. Advanced ransomware encrypts the victim's files, making them inaccessible until a ransom payment is paid to decrypt them.  Since the cybercriminals typically demand cryptocurrency, tracing the criminals to prosecute them for ransomware attacks is extremely difficult.

What Can You Do?

There are advanced anti-malware software programs, including on-access or real-time scanners, that can protect computer systems from ransomware attacks. Anti-malware software programs can provide real-time protection and detect and remove malware software that has already been installed onto the computer, server, or computer network.

All healthcare organizations are encouraged to maintain business continuity plans that will keep them afloat during cyberattacks. Much like wearing masks and washing our hands, healthy strategies for your organization include the following:

  • maintain updated systems, software, and firmware;
  • encrypt data;
  • regularly change passwords and use multi-factor authentication;
  • back up data;
  • audit user accounts;
  • identify critical data assets and create backups offline;
  • conduct regular anti-malware scans;
  • disable unused remote access;
  • monitor remote access;
  • implement a cyberattack response plan; and
  • implement a data recovery plan.

Also important are employee training programs, designed to inform individuals about the risks of ransomware and how to implement behavior that ensures protection against ransomware attacks.  For example, employees should be well aware of how to avoid clicking on malicious links through emails.

More information is available via the AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector report recently released by CISA, FBI, and HHS and the Fact Sheet: Ransomware and HIPAA report published by the U.S. Department of Health & Human Services Office for Civil Rights (OCR).

© 2023 Ward and Smith, P.A.. All Rights Reserved.National Law Review, Volume X, Number 307

About this Author

Angela doughty, Ward and Smith, IP Attorney
Trademark Specialist

Angela leads the firm's Intellectual Property practice and is a North Carolina State Bar Board Certified Specialist in Trademark Law.  She routinely counsels and assists clients with identifying, protecting, and enforcing their U.S. and international intellectual property rights; anti-counterfeiting and U.S. Customs matters; Internet and domain law issues, including proceedings before the National Arbitration Forum and World Intellectual Property Organization; website terms of use and privacy policies; branding and franchising agreements; software development and...

Erica B. E. Rogers, Ward Smith, Intellectual Property Lawyer, Copyright Registration Attorney

Erica practices in an array of intellectual property law areas. She assists with copyright and trademark registration, management, and application.

J.D., University of New Hampshire School of Law, 2016. Editor, IDEA: The Journal of the Franklin Pierce Center for Intellectual Property.
B.A., Spanish, Meredith College, 2013
B.M., piano performance, Meredith College, 2013