Professional Insurance Programs

Ransomware: A new threat which has rapidly become the #1 cyber security concern

Ransomware is a virus that is installed on a computer system without the knowledge or intention of the user. The virus then encrypts the user’s files or locks network access, which can grind business operations to a halt. The distributor of the virus then threatens the impacted user with permanent encryption or similar harm if the user does not pay a ransom.

An extremely important point to consider is that ransomware is not random: the virus is delivered to targeted victims. Furthermore, it has been found that 71% of organizations targeted by ransomware end up infected! A study on ransomware infections by Symantec found that infection events have occurred between 23,000 and 35,000 times a month, with a shocking spike to 56,000 events in March of 2016.

The FBI issued a public service announcement in September of 2016 which provides valuable background information and advice on preventative measures a business should take to minimize harm from a ransomware event and prepare its response: Public Service Announcement

Complicating matters for dentists and healthcare providers who must abide by HIPAA regulations, the presence of ransomware (or any malware) is a security incident under the HIPAA Security Rule. As such, once a ransomware event is detected, a covered entity must begin its security incident response and reporting procedures. The Department of Health and Human Services released a very helpful Fact Sheet which details the intersection of ransomware and HIPAA regulations: Ransomware Fact Sheet

Thankfully, new cyber insurance policies are available to protect against significant harm from these events. If you have any additional questions or interest in a cyber insurance policy, contact Professional Insurance Programs at 800-637-4676 or