The GCS Blog

HHS Advises Healthcare Organizations on Ransomware

Posted by Joe Gleinser on Aug 4, 2016 2:57:37 PM

The Department of Health and Human Services (HHS) has released new guidance clarifying the responsibilities of healthcare organizations following a ransomware infection. In brief, they must treat ransomware infections as a breach in most cases.

The critical part of this guidance from HHS is that a ransomware infection “usually results in a ‘breach’ of healthcare information under the HIPAA Breach Notification Rule.” The guide also adds that “entities experiencing a breach of unsecure PHI must notify individuals whose information is involved in the breach, HHS, and, in some cases, the media.”

Ransomware is a disturbing and very real malware threat targeting companies of all types and sizes. A recent U.S. Government interagency report counts 4,000 daily strikes. This is up from the 1,000 attacks per day seen in 2015. GCS has experienced at least a 4x increase in attacks in 2016 over 2015.

The only assistance offered in this HHS report is focused on the basics – good backups, user training, anti-virus/anti-malware tools, limited access and updated risk analysis.

  • Good Backup: A backup system that maintains multiple, complete copies of all data including operating systems, applications, databases and files. These must be stored offsite and onsite.
  • User Training: Security training is a must for all organizations. This can be done cost-effectively on the web.
  • Anti-Virus/Anti-malware: Few healthcare organizations lack anti-virus software today, but few ransomware infections are caught by anti-virus. This is mostly an ineffective strategy.
  • Risk Analysis: Most organizations have completed a HIPAA risk analysis, but substantial changes, including the threats posed by ransomware, demand a reassessment. What was good enough last year is probably not enough this year.

For a technical, step-by-step guide to recovering from ransomware, see here:

