To pay or not to pay?
For healthcare IT managers facing a ransomware attack that threatens valuable patient and research data, that’s the question. The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult choice.
Sturdy Memorial Hospital in Massachusetts says that on Feb. 9, it identified a security incident that disrupted the operations of some of its IT systems, according to GovInfo Security.
“In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed," the organization said in a statement. The hospital reported the incident to law enforcement officials and regulators. The Department of Health and Human Services' HIPAA Breach Reporting Tool website says the incident affected the protected health information of nearly 57,400 individuals.
The hospital says its analysis of the incident determined the stolen files contained information belonging to Sturdy patients, as well as some patients of several local healthcare providers.
What 'Light' Daily Cleaning of Patient Rooms Misses
Sprinkler Compliance: Navigating Code Mandates, Renovation Triggers and Patient Safety
MUSC Board of Trustees Approves $1.1B South Carolina Cancer Hospital
Study Outlines Hand Hygiene Guidelines for EVS Staff
McCarthy Completes $65M Sharp Rees-Stealy Kearny Mesa MOB Modernization