HIPAA Blog

[ Wednesday, February 05, 2020 ]

 

1. Ransomware: Many companies that are hit by ransomware don't pay the ransom, and their data is deleted. In the old days, that was the end of the story. Now, some ransomware variants (the currently popular Maze, for example) will actually steal the data, not just encrypt it. It seems that some of those ransomware hackers are punishing the non-ransom-paying victims by publishing and/or selling the data they have stolen. Of course, there are some healthcare entities in the mix; obviously, they might have some HIPAA reporting obligations. . . .

2. More Ransomware: Of course, even if your ransomware attack doesn't steal your data, if you don't pay the ransom by the deadline (and sometimes even when you do) and the decryption key is deleted, the data is lost forever. That's apparently the case with Fondren Orthopedic in Houston, and some others as well.

3. Texting and HIPAA: This isn't a good mix from a HIPAA perspective for a couple of reasons, but it's not actually prohibited.  And for some patients, texting is their preferred, if not only, effective means of receiving communications from their providers.  When the rules aren't clear, what's a provider to do?  One option is to ask HHS to provide some guidance, and that's what some are doing. We will see if there's a response. . . .

Jeff [1:31 PM]
