Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
AP Photo/Damian Dovarganes,
Large ransomware attacks — in which hackers encrypt hospitals' data, then make them pay to de-encrypt it — aren't always reported to the Health and Human Services Department. The Wall Street Journal has an interesting dive into the reporting rules for health-care hacks, which only require companies to notify HHS when patients' medical or financial data has been exposed.
Why it matters: Hospitals don't want the expensive black eye that can come with the public disclosure of a big data breach. But public reporting is one of the key ways that hospitals learn from each other's misfortunes. In a field that's incredibly vulnerable to cyberattacks, striking that balance is critically important.