HHS: Ransomware encryption of ePHI is a HIPAA breach

Colorful shelves of paperrecords at a dental clinic Credit: Tom Magliery License: CC BY-NC-SA 2.0

As a growing number of medical facilities are struck by ransomware, the US Department of Health and Human Services (HHS) has published a fact sheet describing how businesses that process electronic Protected Health Information (ePHI) should defend against and respond to ransomware.

Read moreHHS: Ransomware encryption of ePHI is a HIPAA breach

Prevent ransomware from succeeding with strategic defense-in-depth

Thoughtfully placed countermeasures can prevent ransomware like Petya, shown in this screenshot

Ransomware has become the weapon of choice for financially motivated cybercriminals. Individuals, hospitals, businesses, schools, police departments, and government agencies have all been victims of highly disruptive ransomware, resulting in ransom payments totaling at least $24 million in 2015, according to the DoJ and DHS. It doesn’t take much to start a ransomware campaign, and the returns can be extremely high. Fortunately, the steps to prevent ransomware from succeeding are equally simple and low cost.

Read morePrevent ransomware from succeeding with strategic defense-in-depth