National

Large ransomware attacks — in which hackers encrypt hospitals' data, then make them pay to de-encrypt it — aren't always reported to the Health and Human Services Department. The Wall Street Journal has an interesting dive into the reporting rules for health-care hacks, which only require companies to notify HHS when patients' medical or financial data has been exposed.

Why it matters: Hospitals don't want the expensive black eye that can come with the public disclosure of a big data breach. But public reporting is one of the key ways that hospitals learn from each other's misfortunes. In a field that's incredibly vulnerable to cyberattacks, striking that balance is critically important.

The hospital hacks you don't hear about

Hospitals don't always have to notify HHS when patient data is held hostage.

Health Care

Business

Large ransomware attacks — in which hackers encrypt hospitals&#x27; data, then make them pay to de-encrypt it — aren&#x27;t always reported to the Health and Human Services Department. The Wall Street Journal has an <a class="gtmContentClick" data-vars-link-text="interesting dive" data-vars-click-url="https://www.wsj.com/articles/why-some-of-the-worst-cyberattacks-in-health-care-go-unreported-1497814241?utm_campaign=KHN%3A%20First%20Edition&amp;utm_source=hs_email&amp;utm_medium=email&amp;utm_content=53268059&amp;_hsenc=p2ANqtz-93jZAnLCVvyXA8btfi08EZjVxclcDzn0d6G29rBMeZ--F6FEHHscRX9ECG48ph7UNIYWVcdNLPfWkRSFUQ_NxBswcz1A&amp;_hsmi=53268059" data-vars-content-id="5554ef7d-2836-4d60-b67e-17c00e4b37df" data-vars-headline="The hospital hacks you don&#x27;t hear about" data-vars-event-category="story" data-vars-sub-category="story" data-vars-item="in_content_link" href="https://www.wsj.com/articles/why-some-of-the-worst-cyberattacks-in-health-care-go-unreported-1497814241?utm_campaign=KHN%3A%20First%20Edition&amp;utm_source=hs_email&amp;utm_medium=email&amp;utm_content=53268059&amp;_hsenc=p2ANqtz-93jZAnLCVvyXA8btfi08EZjVxclcDzn0d6G29rBMeZ--F6FEHHscRX9ECG48ph7UNIYWVcdNLPfWkRSFUQ_NxBswcz1A&amp;_hsmi=53268059" target="_blank">interesting dive</a> into the reporting rules for health-care hacks, which only require companies to notify HHS when patients&#x27; medical or financial data has been exposed.Why it matters: Hospitals don&#x27;t want the expensive black eye that can come with the public disclosure of a big data breach. But public reporting is one of the key ways that hospitals learn from each other&#x27;s misfortunes. In a field that&#x27;s incredibly vulnerable to cyberattacks, striking that balance is critically important.

The hospital hacks you don't hear about

Go deeper