News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Comments on Data Breach Notifications Involving Ransomware Attacks

HealthCare Info Security
September 14, 2016

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a September 13 HealthCare Info Security article regarding new HHS guidance specifying when health care organizations must notify patients and the government of a data breach resulting from a ransomware attack. Two organizations recently notified affected patients of data breaches linked with ransomware and, according to the article, this may lead to a rise in ransomware-related notifications. Ransomware, a type of malicious software, is designed to prevent an organization from accessing its own data unless a ransom is paid.

Mr. Nahra said the new guideline “is pushing more people to give notice of ransomware attacks. There still is some real question about whether notice actually makes sense, since often the data is essentially ‘frozen’ or ‘locked’ rather than taken, but that is the way the guidance pushed.”

Mr. Nahra added: “We can expect there to continue to be confusion about appropriate notice steps, appropriate mitigation, what is and what isn’t ransomware, and the full range of issues associated with this concern. The best advice is to simply use this as an opportunity and an incentive to beef up your overall security program.”

To read the full article, please click here.