home > News and Publications > Publications
Global Ransomware Attacks Sound the Alarm for Illinois Physicians
Posted on: 5/24/2017

Learn about required HIPAA rules pertaining to ransomware & how to safeguard your data.

Just two weeks ago, unknown hackers went on a rampage and orchestrated the biggest cyberattack in recent history, reaching more than 200,000 organizations in 150 countries.

Ransomware attacks and cyber extortion are some of the biggest threats facing health information security today. In fact, since early 2016, there have been 4,000 ransomware attacks each day – with nearly 50 percent of those related to health care.

Physicians must now report ransomware attacks as a breach – or face hefty fines.

Physicians need to be aware of new HIPAA privacy rules specific to ransomware that took effect July 2016, as directed by the Department of Health and Human Services' Office of Civil Rights (OCR):

When a covered entity or business associate experiences a software breach known as ransomware, the incident is presumed to be a reportable breach (unless proven otherwise).

In other words, failure to appropriately report ransomware as a software breach will result in significant fines.

Learn more with ISMS' Issue Brief, Privacy Protection in the Digital Age: The Threat Posed by Ransomware. This resource explains OCR's change to HIPAA rules and also offers strategies on how medical practices can improve their security to safeguard their electronic protected health information (ePHI).

Related: The U.S. Department of Health and Human Services released HIPAA guidance in 2016 to help health care professionals better understand and respond to the threat of ransomware.

Questions? Call the ISMS Division of Member Advocacy at 800-782-4767 ext. 1470 or send an email.


This ISMS Issue Brief is password protected.

If you need to request a username and password, contact online support at 888-476-7776 or onlinehelp@isms.org between 8:30 a.m. and 4:45 p.m. After-hours requests are answered promptly the next business day. You may also register online or retrieve your username or password .

Cyber Liability by the numbers

Access ISMS' infographic on cyber liability




View Full Site View Mobile Site