|Articles|April 8, 2021

Compliance suggestions for mitigating ransomware attacks, aftermath

In light of a major insurance company recently being hit with ransomware, the importance of protection, detection, and correction cannot be over emphasized.

Last month, a Physicians Practice article of mine highlighted the surge in ransomware attacks over the past year. In light of CNA’s, the seventh largest commercial insurance company, announcement that it “sustained a sophisticated cybersecurity attack [Phoenix Cryptolocker]” which “forced [it] to take systems offline and temporarily shutter its website” highlighting some key items that all persons should have in place when formulating ransomware policy and procedures is the focus of this article.

Trending: 2021 Remote Patient Monitoring Changes: 10 key takeaways for practices

In March, the FBI Phoenix Field Office issued a warning about ransomware attacks, which are “a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.” These attacks are becoming increasingly sophisticated, often occur at night and on the weekends, and may also involve state actors. This is relevant because, as the checklist below reveals, one of the primary steps is to contact law enforcement before paying a ransom.

The FBI recommends never paying the ransom, as there is no guarantee that the scammer will send you the decryption key. Beyond that, the money you pay may be used to fund organized crime activity or acts terrorism while encouraging the future criminal activity by these cyber thieves.

In light of the uptick in and increasing severity of ransomware attacks, the following items should be considered as part of any ransomware checklist:

Read More: How to ensure a viable future for community-based specialty practices

Item

Prevention

Post-Attack (Detection & Correction)

Comprehensive Policies and Procedures

Contact the FBI and other relevant law enforcement (ic3.gov)

Adequate technical, administrative, and physical safeguards

Contact supervisor and IT if detected by an employee.

This list is not meant to be comprehensive; however, it is a good starting point for any organization. The costs to any healthcare provider, business associate, or subcontractor can be significant. In addition to government investigations and penalties, class action lawsuits are time consuming and financially significant. Overall, it is imperative to implement adequate safeguards to detect ransomware attacks and be ready to respond in the event that one happens.

About the Author

Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.

Newsletter

Optimize your practice with the Physicians Practice newsletter, offering management pearls, leadership tips, and business strategies tailored for practice administrators and physicians of any specialty.

Subscribe Now!

Related Content

Latest CME

Cases and Conversations™: Applying Best Practices to Prevent Shingles in Your Practice
Video

Cases and Conversations™: Applying Best Practices to Prevent Shingles in Your Practice

Paul G. Auwaerter, MD, MBA; Paul P. Doghramji, MD, FAAFP; Aruna Subramanian, MD

View more
Clinical Consultations™: Addressing Elevated Phosphate Levels in Patients with END-STAGE Kidney Disease (ESKD)
Video

Clinical Consultations™: Addressing Elevated Phosphate Levels in Patients with END-STAGE Kidney Disease (ESKD)

Anil K. Agarwal, MD, FACP, FASN, FNKF, FASDIN; Jay B. Wish, MD

View more
Advances In: Managing Hyperphosphatemia in Chronic Kidney Disease – Bridging Treatment Gaps With Novel Therapies
Multimedia

Advances In: Managing Hyperphosphatemia in Chronic Kidney Disease – Bridging Treatment Gaps With Novel Therapies

Glenn M. Chertow, MD, MPH; Anjay Rastogi, MD, PhD

View more
SimulatED™: Understanding the Role of Genetic Testing in Patient Selection for Anti-Amyloid Therapy
Case-based Simulation

SimulatED™: Understanding the Role of Genetic Testing in Patient Selection for Anti-Amyloid Therapy

Nicholas Doher, DO; Babak Tousi, MD

View more
Burst CME™: Addressing Inadequate Response to Anti-TNF Therapy in Patients With Rheumatoid Arthritis
Multimedia

Burst CME™: Addressing Inadequate Response to Anti-TNF Therapy in Patients With Rheumatoid Arthritis

Jeffrey A. Sparks, MD, MMSc

View more
Community Practice Connections™: Cases and Conversations – Keeping Up with Novel Approaches to Managing ANCA-Associated Vasculitis
Multimedia

Community Practice Connections™: Cases and Conversations – Keeping Up with Novel Approaches to Managing ANCA-Associated Vasculitis

Frank B. Cortazar, MD; Lindsay S. Lally, MD

View more
Burst CME: Targeted Therapy for Optimal Psoriasis Management
Video

Burst CME: Targeted Therapy for Optimal Psoriasis Management

Tina Bhutani, MD

View more
Cases and Conversations™: A Horizon View of Continuous Monitoring Systems for Diabetes Management
Video

Cases and Conversations™: A Horizon View of Continuous Monitoring Systems for Diabetes Management

Diana Isaacs, PharmD, BCPS, BC-ADM, BCACP, CDCES, FADCES, FCCP; Anders Carlson, MD; Jennifer B. Green, MD

View more
Progress in Hyperlipidemia Management to Reduce ASCVD Risk: An Illustrated Update
Video

Progress in Hyperlipidemia Management to Reduce ASCVD Risk: An Illustrated Update

Nihar R. Desai, MD, MPH; Martha Gulati, MD, MS, FACC, FAHA, MASPC, FESC, FSCCT (hon), FRCP Edin

View more
Contact Info

259 Prospect Plains Rd, Bldg H
Cranbury, NJ 08512

609-716-7777

Brand Logo

© 2025 MJH Life Sciences®

All rights reserved.

Home
About Us
News
Contact Us