ARTICLE
21 March 2017

Advice To Healthcare Providers On Ransomware From The Head Of The FBI

Mintz

Contributor

Mintz is a general practice, full-service Am Law 100 law firm with more than 600 attorneys. We are headquartered in Boston and have additional US offices in Los Angeles, Miami, New York City, San Diego, San Francisco, and Washington, DC, as well as an office in Toronto, Canada.

On Wednesday, March 8, James B. Comey, Director of the FBI, was at Boston College to deliver the keynote address for the inaugural Boston Conference on Cyber Security (BCCS 2017). Director Comey addressed various industry, cyber security, FBI, law enforcement and military experts in attendance regarding current cyber threats to both industry and government assets and the FBI's approach to confronting them. During his remarks, Director Comey was asked to opine on the biggest cyber threat to healthcare providers, to which Comey quickly responded, "ransomware."

Ransomware is malware that installs covertly on a computer, tablet, or other mobile device and encrypts the victim's data, preventing access unless and until the victim pays the ransom, typically in the form of bitcoins. Healthcare providers are appealing ransomware targets because they are dependent on immediate access to real-time data in order to care for their patients. For those same reasons, healthcare providers often elect to pay the ransom to unlock their records, making them a lucrative target for hackers. Director Comey's advice to healthcare providers was twofold:

Never Pay Ransom: The advice to never pay ransom was echoed by a number of intelligence and security experts during BCCS 2017. According to Director Comey, the payment of ransom by one healthcare provider emboldens attackers and causes the attacks to proliferate, placing other healthcare providers at risk.

Maintain Adequate Backup Systems: Comprehensive business continuity plans and data backup are the only surefire way to continue critical operations following a ransomware attack and avoid paying ransom.

Director Comey also encouraged healthcare providers to work closely with the FBI by reporting all manner of cyberattacks, noting that industry and law enforcement collaboration is key to combatting cybercrime.

Cynthia Larose, Chair of the Mintz Levin Privacy and Security Practice Group, and one of three Mintz Levin attorney speakers at BCCS 2017, emphasized the importance of data backup, and also the importance of testing business continuity and data backup plans before a disaster. "An ounce of prevention can prevent a million headaches," she said.

We've previously described the impact of ransomware in the healthcare industry in a number of blog posts.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
