Although it was widely reported that several ransomware threat actor groups have pledged to not target healthcare providers until the COVID-19 pandemic is over, BakerHostetler’s Digital Assets and Data Management Practice Group and Healthcare Privacy and Compliance team continue to see ransomware attacks launched against healthcare providers.

In order to combat the COVID-19 pandemic, healthcare providers have had to radically change their normal business processes, which could make them more vulnerable to ransomware attacks.

Workforce Changes Create Potential Vulnerabilities

The response to the COVID-19 pandemic has required healthcare providers to make difficult choices related to workforce staffing. Some healthcare providers have been forced to furlough or lay off nonessential workforce members. Healthcare providers also are permitting some workforce members to work remotely. As previously reported by the Data Privacy Monitor, having a reduced workforce and a remote workforce could put healthcare providers more at risk for cybercrime, including ransomware attacks.

Allocation of Funds to Cybersecurity May Be Reduced as Revenues Fall

In addition, many healthcare providers have drastically reduced the amount of services that they are offering while addressing the COVID-19 pandemic. This means that many healthcare providers are experiencing a significant decrease in revenue, as they are not providing the outpatient services and elective procedures that they rely on for their operating budgets. A shortfall in revenue might force healthcare providers to make difficult decisions regarding resource allocation, including for cybersecurity measures. In addition, having less revenue could hurt cash flow and the ability for healthcare providers to access cash should they experience a ransomware attack and need to pay the ransom to access their critical data.

Preparing for a Potential Ransomware Attack or Other System Disruption

While healthcare providers are devoting most of their resources to combating COVID-19, it is essential that they are also prepared in the event of a system disruption such as a ransomware attack.

Healthcare providers should review and revise (if necessary) the downtime procedures that would be implemented in the event they experience a disruption to or shutdown of their IT infrastructure for several days or weeks, which could happen as a result of a ransomware attack. With the United States reporting more than 20,000 new COVID-19 cases per day, it is vital that healthcare providers have procedures in place to continue treating patients in the event that their IT systems are inaccessible.

Healthcare providers should have funds available in the event of a large, unexpected expenditure, such as a ransom demand. Although many healthcare providers have cyber insurance, which can include coverage for ransom payments, it is often the healthcare provider’s responsibility to pay the ransom demand “up front” and obtain reimbursement from its insurance carrier later. Therefore, it is recommended that healthcare providers allocate funds for use in the event of a system disruption such as a ransomware attack.

For more information and resources on addressing legal issues during the COVID-19 pandemic, please visit the BakerHostetler Coronavirus (COVID-19) Resource Center.