Robert Hudock Quoted in Article, “Keep Your Practice Safe from Hackers’ New Strategy: Extortion”
Medical Practice Compliance Alert, September 17, 2012
Robert Hudock, a Member of the Firm in the Health Care and Life Sciences practice, in the Washington, DC, office, was quoted in an article titled "Keep Your Practice Safe from Hackers' New Strategy: Extortion."
Following is an excerpt:
The best course of action if hackers encrypt your data and ask for ransom is to report it to the cybercrime division of law enforcement. But to avoid that situation, you can consider the following:
Encrypt your data. The cost of responding to a security incident is more expensive than encryption, says attorney Robert Hudock of Epstein Becker Green in Washington, D.C. If your records are encrypted, the data's confidentiality won't be compromised.
Check that your systems' security patches and antivirus programs are up to date. Many hackers gain access via this vulnerability, Hudock warns.
Use data loss prevention services to scan for patient protected health information (PHI). You may have PHI stored in places you don't expect and no longer need, such as a laptop storing old reports. Those services can clean up those systems, Hudock says. ...
HIPAA violations. If the hacked files were not encrypted, then the breach of security triggers the breach-notification obligations. The cost of a security breach is now about $250 per record lost, Hudock says.
State laws. In some states, such as California, patients can obtain $1,000 from the provider even if they can't prove they've been damaged by the breach, he says.