Take Precautions to Avoid Ransomware Intrusions and Adverse Consequences


compliments of acronis.com

August 9, 2017. The September 2017 issue of Consumer Reports has an article in the Ask Our Experts section entitled: “How do ransomware attacks work? And if one happens to me, should I pay?” Here is part of the excellent answer:


“The best offense truly is defense, when it comes to security. [Russell Vines, Consumer Reports’ director of information security] advises regularly backing up your files to the cloud or another drive. That way, if your computer does get ransomed, you can wipe the infected device’s hard drive and start over…. Also, always install security updates promptly and be alert to ‘phishing’ scams that come by email. According to the IBM X-Force research team, 40 percent of the spam emails they analyzed in 2016 contained ransomware. That’s up from an average of just 0.6 percent in 2015.”


HIPAA Integrity® recommends making redundant retrievable backups. Backups that maintain the integrity of protected health information are required under the HIPAA Security Rule Administrative Safeguard provision, and, if you use an external source such as the cloud or a secure database center, be sure to encrypted the PHI in motion (transmission).


Also, HIPAA Integrity® recommends that you verify the sender’s email address before opening an email or downloading an email attachment. Even with updated security updates or patches in place in a timely manner, a name of a person or entity known to you could have been compromised. The email spam statistic above shows how important that verification is to minimize as much as possible the incidence of ransomware attacks.


Consumer Reports provides online an article entitled: “How to Restore Backed-Up Data After a Ransomware Attack,” for various Microsoft Windows Operating System versions.


An online August 1, 2017, article by Judy Greenwood in Business Insurance reinforces the information above based on information from London-based insurer Beazley P.L.C. According to the article, “Beazley had reported in its year-end report that ransomware among its clients more than quadrupled in 2016 over 2015’s total,” and that “[r]ansomware attacks continued to grow in 2017… increasing by 50% the first half [year] over the comparable period a year ago. Hacking and malware attacks, which included ransomware, accounted for 32% of the 1,330 incidents Beazley Break Response Services reported in the first half [year].”


Additional information is available in “Beazley breach insights—July 2017,” which reports that “accidental breaches caused by employee error or data breached while controlled by third party suppliers continue to be a major problem, accounting for 30% of breaches overall, and 42% of healthcare incidents.” Beazley concludes:


“This continuing high level of accidental data breaches suggests that organizations are still failing to put in place the robust measures needed to safeguard client data and confidentiality. Since 2014, the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing. As more stringent regulatory environments become the norm, this failure to act puts organizations at greater risk of regulatory sanctions and financial penalties.”


Organizations must up their game on safeguard training in order to stem the increase in phishing with adverse consequences. Visit the Office for Civil Rights (OCR) Resolution Agreements Website to see the regulatory consequences of failure to safeguard PHI from breach.



  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)