Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the industry to tackle, it also faced a surge of ransomware attacks, evolving legal/regulatory considerations, and novel and complex issues presented by pandemic- and technology-driven changes.
The growing wave of ransomware incidents that we saw toward the end of 2019 continued in 2020. Now, however, healthcare organizations face an extra diabolical twist: in addition to the operational disruption, threat actors routinely steal data and threaten to publish it online as a further inducement for a ransom payment. With this new tactic, which took off in 2020 and is now the norm for nearly all ransomware matters we handle, came much higher ransom demands, longer downtime, and a significant increase in the number of patients requiring notification per HIPAA regulations.