News & Insights

Cyber Series Part 1: Elementary Ransomware

May 19, 2021

By Kenneth E. Rhea, M.D., FASHRM

Cyber Series Part 1: Elementary Ransomware
SHARE :           

Malware. Noun. Software that is specifically designed to disrupt, damage or gain unauthorized access to a computer system.

Recently a pediatric clinic in Louisiana opened to see scheduled patients only to find that no patient records could be accessed through their EHR system. A message appeared demanding payment to unlock the patient files that had been encrypted. The locked files included patients’ medical records, sensitive demographic information and clinical information, like the names of treating physicians, diagnoses, lab results and medications.

The clinic had just experienced a malware attack known as ransomware that infected its electronic medical records (EMR) system. However, even practices with no EMR or patient portals are at risk of suffering from a ransomware attack. Internet access is all that a criminal needs to infect a practice’s computers and networks. 

Ransomware is malware that infects a computer or network by encrypting files and rendering them unusable until some demand is satisfied and the criminal gives the victim instructions to unlock the files. Ransomware is a real threat to every industry and can cause massive economic disruptions (the recent pipeline ransomware event is one example). Surprisingly, most cybercriminals are able to install ransomware using basic methods, such as having targets click on links in emails, text messages and websites on personal or work devices connected to the victim’s network or internet connection.

Ransomware is worldwide. The first instances were reported in Russia in 2005 but have now spread to all countries. In September 2013, a software program called Cryptolocker surfaced and targeted all Windows operating system versions through email. The software infected hundreds of thousands of personal and business systems, successfully extorting millions from victims. One German hospital experienced an incident in 2020 that forced the hospital to send patients to another hospital an hour away, where one patient died. While an investigation showed the hour delay in care did not cause that patient’s death, cyber experts believe it is a matter of time before ransomware events cause physical harm to patients. 

Ransomware can be simpler, too. One version threatens the victim by claiming that the victim’s personal files will be exposed or that a virus will be installed unless payment is made. Another version uses social media direct messaging to target victims. Millions of dollars have been paid in response to these various threats. Payment demands range from $100 to thousands of dollars. The pricing is usually higher if the criminal knows the value of the information involved, such as protected health information (PHI), which is valuable for further fraudulent use.  

Risk Mitigation Strategies

Ransomware is a billion dollar a year industry for cybercriminals with an estimated ransomware attack occurring every 40 seconds. Attacks have only increased during the COVID-19 public health emergency. Losing PHI in ransomware attacks can be devastating. Beyond paying the demand and potential HIPAA breach penalties, some practices never recover and completely close.

Cybercriminals need a method of entering computer systems to carry out the attacks. Protective measures include awareness of the problem and prior planning, and some of the most effective measures are simple:

  • Never click on links that you receive in unsolicited texts or emails
  • Install virus and malware detection software
  • Perform ongoing security risk analysis
  • Develop a cybersecurity incident response plan (CIRP)
  • Provide regular workforce training

In the event of an attack, immediately remove affected computers from the networks. Contact your cyber insurer and initiate your CIRP. 

In the case of the Louisiana pediatric clinic referenced above, their response included FBI notification, patient advice to register fraud alerts with credit companies, and to monitor credit card statements and credit bureau reports.

For further cybersecurity information on this subject and others, LAMMICO insureds can access the TMHCC CyberNET®, an advanced cyber risk management resource center provided by LAMMICO in partnership with cyber risk experts, Tokio Marine HCC Cyber & Professional Lines Group. The TMHCC CyberNET® resource is accessible at no additional cost to LAMMICO insureds via their Member account on

For more information or questions, contact the LAMMICO Risk Management and Patient Safety Department at 504.841.5211. Keep an eye out for Part 2 of our Cyber Series in an upcoming edition of The LINK.

Annual Reports:

Receive Regular Updates: