Ransomware is a virus that is installed in a computer system without the knowledge or intention of the user. This virus then encrypts the user’s files or network access which can grind business operation to a halt. The distributor of this virus will then threaten the impacted user with permanent encryption or similar harm if the user does not pay a ransom.
An extremely important item to consider is that ransomware is not random – the delivery of this virus is to targeted victims. Furthermore, it has been found that 71% of organizations targeted by ransomware end up infected! A study on ransomware infections by Symantic found the infection events have occurred between 23,000 and 35,000 times a month with a shocking spike to 56,000 events in March of 2016.
The FBI put forward a public service announcement in September of 2016 which provides valuable background information and advice on preventative measures a business should take to minimize harm from the event and prepare for response: Public Service Announcement
Complicating measures for Dentists and healthcare providers who must abide by HIPAA regulations is that the presence of ransomware (or any malware) is indeed a security incident under the HIPAA Security Rule. As such, once a ransomware event is detected, a covered entity must begin the security incident and response/reporting procedures. The Department of Health and Human Services released a very helpful Fact Sheet which details the intersection of ransomware and HIPAA regulations: Ransomware Fact Sheet
Thankfully new cyber insurance policies are available to protect against significant harm from these events. If you have any additional questions or interest in a cyber insurance policy, contact Professional Insurance Programs at 800-637-4676 or firstname.lastname@example.org.