Hackers’ Ransom Attack On California Hospital More Proof Healthcare Cybersecurity Is Floundering

February 17, 2016

Jeff Stone

With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues. Though no whistleblower retaliation statute deals directly with the topic, the Sarbanes-Oxley Act will often protect cybersecurity professionals who work directly for public corporations or those corporations’ service providers. Further, in some cases the Dodd-Frank Act could allow information security workers to receive a whistleblower reward for reporting cybersecurity concerns to the SEC or CFTC.

However, the relationship among cybersecurity issues, SOX, and the Dodd-Frank Act is not yet clearly defined. Accordingly, information security professionals should educate themselves about whistleblower protections. Doing so could make the difference between being protected, receiving a whistleblower reward, or suffering retaliation without recourse.

- See more at: http://www.natlawreview.com/article/protections-and-rewards-cybersecurity-whistleblowers#sthash.Nu5uovJe.dpuf

Who would have thought that, for healthcare professionals, performing surgery, working long hours and navigating the dense world of U.S. health law would be easier than protecting hospital computer networks? That, however, appears to be the case after yet another hospital was victimized in a cyberattack. It’s just the latest example of a U.S. medical provider on the wrong end of a digital assault made possible by a lack of security measures.

Doctors at Hollywood Presbyterian Medical Center, in southern California, have been suffering serious computer issues for at least a week, the CEO announced Sunday. Doctors have been unable to digitally access patients’ medical records, staff has been communicating via fax machines and patients have reported long delays in receiving care. It’s all the result of a cyberattack carried out by unknown hackers who are demanding 9,000 bitcoins (roughly $3.4 million) to restore the system to normal.

Hollywood Presbyterian’s CEO told NBC, “Patient privacy has not been compromised,” though the attack again highlights the healthcare sector’s inability to prepare for modern security threats. At least part of the problem is a lack of funding, with the U.S. Department of Health and Human Services asking for $262 million in information security funding under the 2016 budget (a 23 percent increase from 2015). That request wasn’t fulfilled in the final budget omnibus bill that passed in December, though the omnibus does require the department to convene a task force to respond to cybersecurity threats.
