<- Back to Insights
January 24, 2024
Patients Extorted Over Photos Sue Doctors for Security Failures
Bloomberg Law
|
Contributed by: Drex DeFord
Summary
Hackers are directly targeting patients in ransomware attacks against healthcare providers, seeking payments to prevent publicizing personal medical information. Post-cyberattack lawsuits show a shift from targeting hospitals to patients for payments up to $50. Cybersecurity researchers say smaller firms or companies with sensitive data could become prime hacker targets. The potential for personal extortion complicates a providers' preparation and response to breaches. Instances of this have spiked in 2023 despite fewer victims paying ransom. Lawsuits from patients have accused providers of failing to protect sensitive data and mismanaging the aftermath. Lawsuits also allege negligence, delayed communication and breach of contract. Agencies are trying to convince entities like universities, local governments, and companies to protect their networks. Ransomware attacks are less fruitful, making stealing data more viable. Hackers are turning attention to smaller medical targets for easy attacks. As encryption becomes more sophisticated, traditional methods of demanding payment to access data aren't as effective. With medical data almost impossible to retrieve once published online, victims are seeking legal relief. Healthcare organizations are advised to enhance their security incident disclosure programs. Introduction of stricter security protocols in policies and increased network protections have been steps in warding off attacks. Legal experts say it remains challenging to balance providing accurate information with meeting state and federal regulatory breach notification obligations.
Explore Related Topics