If you are a healthcare provider, you need to prepare yourself now for the new reality that, when hackers get into your network, they will contact your patients to put pressure on you to pay their ransom demands — usually after they have encrypted your network.
Here is an example from a recent case that happened in Florida which uses similar tactics to others we have been seeing more of, detailed in the article, Hackers demand ransom payments from patients of Florida provider:
Patients of Richard Davis, MD, have reported that they have received ransom demands from a cybercriminal who threatens to release their public information if they don’t pay the demand.
* * *
Dr. Davis estimates that the personally identifiable information of up to 3,500 former and current patients may have been exposed due to the ransomware attack. Patients who have been threated with ransom demands are urged to report the incident with the FBI.
Because of this, Dr. Davis had to report this case to the US Department of Health and Human Services’ Office of Civil Rights and now will most certainly face follow-up inquiries or an investigation. He likely had to report it to other regulatory authorities as well, which may also have follow-up inquiries or investigations.
What is even worse, Dr. Davis has to face the threat to his practice that comes from angry patients who may have now lost confidence in his practice. Many will already be aware of the situation but now all will be because he was required to notify them of this data breach, which included this statement:
“I deeply regret that individuals currently or [formerly] under my care have been victimized by this criminal act, and I urge you to monitor your financial information closely. A photocopy of [patients’] driver’s license, home address, email address, telephone number and insurance policy numbers were routinely kept on file for most patients, as well as credit card payment receipts,” Dr. Davis said in a statement.
Are you prepared to deal with this situation in your practice?
Do you have the right cyber insurance coverage to help you deal with all of this?