The Office for Civil Rights (OCR) guidance “FACT SHEET: Ransomware and HIPAA”[1] defines ransomware as follows:
“Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, the ransom to the hacker (usually in a cryptocurrency, such as Bitcoin) in order to receive a decryption key.
However, hackers may deploy ransomware that also destroys or exfiltrates[2] data, or ransomware in conjunction with other malware that does so.”
To unpack the dense language above: a bad actor, a hacker, reaches an electronic hand into your network or data center and locks up your organization’s data until you pay a ransom in some form of money.