Lawmakers: Feds Should Treat Ransomware as Breaches

June 28, 2016
In The News

June 28 (BNA) - Two House lawmakers today told health privacy regulators that ransomware attacks on hospitals should be treated as data breaches that trigger a federal investigation.

Reps. Ted Lieu (D-Calif.) and Will Hurd (R-Texas) sent a letter to the Health and Human Services Office for Civil Rights, urging regulators to require health-care organizations that experience ransomware attacks to report them to the agency like they would other breaches. In such attacks, malicious software encrypts data on the victim's network so that it becomes inaccessible without the purchase of an electronic key known only to the malware's creator.

Health-care organizations struck by ransomware haven't been reporting them as breaches. Such cyberattacks have become a major issue for health-care organizations since the Los Angeles-based Hollywood Presbyterian Hospital lost access to its electronic health record system for several days in February before paying $17,000 to the group responsible for the attack to unlock its data. Since then, several other hospital systems have reported ransomware attacks this year.

Copyright © 2016, The Bureau of National Affairs, Inc. Reproduction or redistribution, in whole or in part, and in any form, without express written permission, is prohibited except as permitted by the BNA Copyright Policy.