Sign Up Created with Sketch. Want to receive our thought leadership?     Sign Up

Missouri’s Cass Regional Medical Center (CRMC) was recently hit with a ransomware attack. Existing patients continued to receive care, but incoming trauma and stroke patients were diverted to other facilities. The hospital was forced to shut down its electronic health record (EHR) systems.

The hospital stated that patient information had not been compromised during the episode. It explained that it had had an incident response protocol in place prior to the incident, and activated it within minutes of the attack. Mysteriously, the mechanism of the attack remains unknown. CRMC brought in a cyber forensics firm and contacted law enforcement to assist with the recovery process.

The incident is a vivid reminder that ransomware threats remain a persistent threat in the healthcare sector. Electronic health records are both vulnerable and valuable, which make them the ideal target of opportunity.

However, in minimizing the damage for what could have been a catastrophic incident, it reinforces the value of cybersecurity fundamentals such as:

The CRMC episode illustrates that ransomware continues to pose a significant threat to health care institutions. Their vulnerability is compounded by the extensive use of electronic data systems in the healthcare sector. But it also demonstrates that instituting basic breach-response procedures significantly ameliorate the effects of an attack. With ransomware, an ounce of prevention is worth a pound of cure.

Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or Mike may be reached at 919.783.2851 or

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601 | © Poyner Spruill LLP. All rights reserved.

◀︎ Back to Thought Leadership
What you Need to Know

Read Related Articles