Ransomware Protection & Response
for Clinical Labs, Hospitals, and Pathology Groups

Effective Steps for Protecting Your LIS, EHR, and Other IT from an Encryption Attack



Aired August 19, 2021 


How serious is the threat of a ransomware attack to your clinical lab or pathology group?

Here is a little-known fact: Each week, several hospitals, clinical labs, and other providers discover that their digital services are encrypted and inaccessible. Even worse: The number of successful encryption attacks is increasing month by month.

Of course, you heard about the Colonial Pipeline ransomware attack in early May 2021 that shut down the supply of gasoline along the East Coast. You may also know about the encryption attack on Scripps Health of San Diego, also in early May, that denied access to many digital services, including the EHR, patient data portal, and patient appointment service (lawsuits are pending). But you don’t hear about most of the weekly encryption attacks on healthcare providers because they are kept secret from the public, with a few exceptions. In fact, it was only when patients complained to the local news media about their lack of access to systems that the public learned that Scripps Health was attacked.

The reason is simple: healthcare providers do not want the public to know that they paid a ransom to obtain the decryption key necessary to restore access to their organization’s vital information systems and software. If other hackers knew Scripps would pay a ransom, they would also attack Scripps. Even though it took several weeks for Scripps to restore functionality, they have not issued a statement that they either faced a ransom demand or paid ransom to get the decryption key needed to restore access to their digital services.

The lack of awareness and information about what is really happening leaves clinical labs and pathology groups at great risk and underprepared. This is why our webinar, Ransomware Protection & Response for Clinical Labs, Hospitals, and Pathology Groups: Effective Steps for Protecting Your LIS, EHR, and Other IT from an Encryption Attack, is a must-attend—not only for you, but for everyone in your hospital, health system, or clinical laboratory who will be working to prevent a ransomware attack or involved in restoring digital services following such an attack. The 90-minute webinar takes place on Thursday, August 19, 2021, at 1 p.m. Eastern, and will be available on-demand afterward.

Expert Panel

Emily Johnson

McDonald Hopkins LLC
Chicago, IL

Emily Johnson has significant experience with HIPAA compliance, including drafting HIPAA policies and procedures, breach response and notification, drafting responses to investigations conducted by the Office for Civil Rights, and advising clients on proactive HIPAA compliance and breach prevention. She has assisted clinical laboratories, hospitals, long-term acute care hospitals, community hospitals, physician specialty groups, telehealth providers, surgery centers, healthcare associations, pharmacies, and other healthcare providers on regulatory, licensing, compliance, reimbursement, contractual, and corporate matters. Emily earned a J.D. from The John Marshall Law School in 2010. She received a B.A., Dean's List, from Illinois Wesleyan University in 2005.

Paul Caron

Senior Director, Incident Response
Tampa, FL

Paul Caron is a senior director of incident response at Arete, focused on assisting clients throughout digital forensics and incident response (DFIR) engagements, most commonly in the form of complex ransomware attacks and business email compromise. He has extensive experience responding to these incidents, supporting organizations across multiple sectors, and coaching executives on cybersecurity risk management trends. Prior to joining Arete, Paul was a manager at PricewaterhouseCoopers (PwC), where he led cybersecurity strategy and transformation projects across a portfolio of Fortune 100 clients. Paul served for 15 years in the U.S. Army in various leadership and operational roles within the Special Operations, Intelligence Community and NATO.


What are the critical decisions and steps for dealing with a ransomware attack or threat to a hospital or health system clinical laboratory or anatomic pathology practice?

Clinical labs are an attractive target for hackers who encrypt their LIS and other systems because, not only might the labs pay a ransom, but if the hackers extract the patient data before encrypting the digital systems, they can sell individual patient data for between $400 and $1,200 per individual, according to Experian, the credit reporting agency. This means that the single biggest threat to the financial and operational survival of your organization is an encryption attack that denies you access to your information technology while—at the same time—confronting you with a ransom demand for more than $1 million!

At a vulnerable organization, a security incident can occur with or without a breach of protected health information; however, knowing what to do in each scenario is essential to reducing collateral damage to both patients and your organization. The operational and reputational harm components of a breach are many.

The problem is that most clinical laboratory and pathology practice leaders and their teams:

  • Have limited or no access to the legal, information technology, and negotiating experts who can quickly and properly respond to a real ransomware attack or threat
  • Probably have not established the key proactive measures that will prepare their organizations for critical incident response because ransomware attacks are crimes that organizations are just beginning to understand
  • Are not sure what to look for to know that an incident has even happened
  • Need to better understand notification obligations to their organization, regulators, contract partners, and patients, in the event of a breach or security incident

Ransomware Protection & Response for Clinical Labs, Hospitals, and Pathology Groups: Effective Steps for Protecting Your LIS, EHR, and Other IT from an Encryption Attack will help to educate the lab and broader community on how to address the surging risk of a ransomware attack—both proactively and in response. Join us for this 90-minute webinar Thursday, Aug. 19, at 1 pm Eastern to hear from experts Emily Johnson of the law firm McDonald Hopkins, and healthcare cybercrime defense expert Paul Caron from Arete, who are contacted for help each week by multiple hospitals, labs, and medical clinics that were attacked, had their digital systems encrypted, and received a ransom demand of hundreds of thousands or even millions of dollars from hackers. They’ll cover crucial best practices designed to provide training and decision-making skills for handling a ransomware attack on hospital and health system clinical laboratories and anatomic pathology practices.

Webinar Takeaways

Webinar participants will benefit from this exclusive Dark Daily webinar by covering these critical topics and takeaways:

  • Legal issues triggered by a ransomware attack: What to do both when an incident is not a breach and when it is a breach.
  • Your obligations in response to a ransomware attack: HIPAA privacy and other regulatory rules, contractual arrangements (e.g., reference labs), and crisis communication to patients and other stakeholders
  • Forensic investigations: What happens after an incident and/or breach and when to conduct a risk analysis walkthrough
  • Three essential proactive breach mitigation strategies
  • Effective policies, procedures, and training that providers—particularly clinical laboratories and anatomic pathology practices—should have in place now
  • Signs of an incident and methods of intrusion
  • Data and analytics from real-world ransomware cases
  • Approaches to information technology response and resources providers will need following encryption of IT systems
  • How to establish an effective ransomware attack incident response team and incident response
  • Legal analysis and case study of a ransomware attack on a clinical laboratory and the decision-making steps involved
  • Best practices for responding to and negotiating with the ransomware perpetrators—including the expected “etiquette” in dealing with cybercriminals—and collaborating with consultants who are experienced with how to deal with ransomware demands

Who should attend?

  • Laboratory directors and managers
  • Laboratory supervisors and team leaders
  • Laboratory owners
  • Hospital and health system lab leaders
  • Integrated health system leaders
  • Laboratory CIOs
  • Lab IT directors
  • Safety and compliance officers
  • Anatomic pathology laboratory managers and administrators

Your registration includes:

  • The opportunity to pose specific questions and connect directly with speakers during a Q&A session
  • Access to the post-webinar recording

Hosted By

Dark Daily