Ransomware is used by cybercriminal to require payment from a practice by demanding quick and direct payment to release information that has been encrypted. Ransomware attacks have quadruped this year, averaging 4,000 per day, according to the Justice Department. HHS has put out a “Fact Sheet” on “Ransomware and HIPAA” which treats ransomware as a notice-triggering data breach by default, unless it is determined via a breach risk assessment not to constitute or involve such a breach. There are key protections such as safe, segregated, and reliable backups and patching, monitoring, and training to avoid phishing. If your system is attached with Ransomware contact your IT vendor or in house service immediately, Make sure you also contact your HIPAA Privacy and Security officer to evaluate how this situation should be classified. This is more about the control of systems rather than breaches of personal information. As always review your policies and procedures and update and educate your workforce as needed.