health

now browsing by tag

 
 

DOJ Emphasizes Adequate Funding in Updated Compliance Guidance | Health Care Compliance Association (HCCA) | #employeefraud | #recruitment | #corporatesecurity | #businesssecurity | #

Source: National Cyber Security – Produced By Gregory Evans

Report on Medicare Compliance 29, no. 21 (June 8, 2020)

Whether an organization shows its commitment to compliance with dollars is a new focus of the second update to guidance on evaluating compliance programs from the Department of Justice (DOJ). In its updated Evaluation of Corporate Compliance Programs,[1] released June 1, DOJ indicates that adequate funding of the program and its people helps distinguish between a paper and an active program.

The guidance is used by white-collar prosecutors who evaluate compliance programs when deciding whether to file fraud charges and what the charges should be. Compliance officers also use the guidance to benchmark their organization’s compliance program. DOJ published the first version in 2017 and revised it in April 2019. The Evaluation of Corporate Compliance Programs modifies the Principles of Federal Prosecution of Business Organizations in the Justice Manual.[2]

There are detailed questions about compliance programs in the guidance, which is organized around three “fundamental questions” that prosecutors try to answer when evaluating effectiveness. The 2020 version modified the second question to refocus on resources:

  1. “Is the corporation’s compliance program well designed?“

  2. “Is the program being applied earnestly and in good faith?” In other words, is the program adequately resourced and empowered to function effectively?

  3. “Does the corporation’s compliance program work” in practice?

In elaborating on resources, DOJ explained that “prosecutors are instructed to probe specifically whether a compliance program is a ‘paper program’ or one ‘implemented, reviewed, and revised, as appropriate, in an effective manner.’ [Justice Manual § 9-28.800]. In addition, prosecutors should determine ‘whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation’s compliance efforts.’ [Justice Manual § 9-28.800].”

The emphasis on funding doesn’t come as a shock. “You would have to have adequate resources before you get to adequate or better effectiveness,” said attorney Gabriel Imperato, with Nelson Mullins Broad and Cassel in Fort Lauderdale, Florida.

Prosecutors have always factored in the funding of compliance programs, although it’s significant to see this in writing, said Kirk Ogrosky, former deputy chief of DOJ’s fraud section. “You can have compliance officers who are making a fraction of what other senior executives are making,” he said.

The guidance also encourages organizations to advance compliance at all times, even during an investigation, said former federal prosecutor Robert Trusiak, an attorney in Buffalo, New York. As DOJ states, “In answering each of these three ‘fundamental questions,’ prosecutors may evaluate the company’s performance on various topics that the Criminal Division has frequently found relevant in evaluating a corporate compliance program both at the time of the offense and at the time of the charging decision and resolution.” DOJ reinforces this point when it talks about the risk assessment. “Prosecutors should endeavor to understand why the company has chosen to set up the compliance program the way that it has, and why and how the company’s compliance program has evolved over time.”

In other words, Trusiak said, “effective compliance is not set it and forget it. Compliance is an iterative process.”

DOJ Revises Other Questions

DOJ’s revisions ripple through the rest of the document, which is loaded with specific questions about commitment by senior and middle management, risk assessments, due diligence, communication with employees, oversight of third parties and other hot topics.

For example, the 2019 guidance asked whether the organization’s risk assessment was “current and subject to periodic review? Have there been any updates to policies and procedures in light of lessons learned? Do these updates account for risks discovered through misconduct or other problems with the compliance program?”

The 2020 guidance drills down. “Is the periodic review limited to a ‘snapshot’ in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures, and controls?”

There are also more questions about how organizations ensure that policies get in the hands of employees and vendors. For example, “have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?” The stakes also are raised on employee awareness of the hotline. “Does the company take measures to test whether employees are aware of the hotline and feel comfortable using it?”

Imperato noted that DOJ “dwells a fair amount on third-party due diligence” and whether it continues after the deal is done. For example, DOJ asks, “What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post acquisition audits, at newly acquired entities?”

Questions on learning from mistakes were also tweaked. “Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?” There are other changes to questions, including, for example, about training and “monitoring investigations and resulting discipline.”

Imperato said he will attach the updated guidance to his board training, along with other documents. “This automatically becomes the benchmark…for setting up a compliance program and determining its effectiveness.”

Ogrosky noted, however, that even well-funded, effective compliance programs may fail to detect bad actors. “Fraud is a non-self-revealing offense,” he said. “The people who commit fraud at large corporations are doing it to avoid the compliance folks.” He’s referring to flat-out fraud, not a debate about whether an arrangement fits within a safe harbor, for example.

Whether fraudsters inside corporations are unmasked depends more on whether executives ask the right questions vs. looking the other way, Ogrosky said. For example, if a salesperson outperforms his or her peers 50 times over, managers should dig into it. “If a contractor is able to do what no one has been able to do, ask why, because the fraud is not self-revealing.” DOJ will expect the corporation to accept some responsibility for bad actors, even when they have good compliance programs, he said.

1 U.S. Dep’t of Justice, Criminal Div., Evaluation of Corporate Compliance Programs (Updated June 2020), http://bit.ly/2Z2Dp8R.
2 U.S. Dep’t of Justice, Justice Manual, Principles of Federal Prosecution of Business Organizations, § 9-28.000 (2020), http://bit.ly/2GtxXFt.

[View source.]

Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The post DOJ Emphasizes Adequate Funding in Updated Compliance Guidance | Health Care Compliance Association (HCCA) | #employeefraud | #recruitment | #corporatesecurity | #businesssecurity | # appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | How This Barber Uses His Shop To Improve Black Men’s Mental Health

Source: National Cyber Security – Produced By Gregory Evans

The World Health Organization (WHO) reports that one in four people experience mental illness at some point in their life. For Black people around the world those stats are even more staggering. Research indicates that Black/African Americans are 20% more likely to suffer from psychological distress compared to their white counterparts. Within the Black community, mental health conversations and discussing experiences with conditions like anxiety and depression is still taboo, especially for Black men. The media often depicts Black men as aggressive and violent with few representations of them being vulnerable. These perceptions of how Black men should behave likely play a role in why the mental health stigma persists within the Black community. Black men are expected to be stoic and strong 24/7, which can lead to increased feelings of anger, resentment and isolation. Public figures like Charlamagne Tha God, who wrote a book on his experiences with anxiety, are outspoken advocates for Black mental wellbeing and are starting to open up more conversations about Black mental health. Eric “Kleankut” Dixon is a celebrity barber and mental health advocate who uses his barbershop as an outlet for Black men within the community. Eric sat down to discuss why he started his barbershop, his experiences contracting a rare condition, and the transformative power of therapy.

Janice Gassam: Could you share with the Forbes readers a little bit about you, your background and what made you decide to open up your own barbershop?

Eric “Kleankut” Dixon: Well, I was born and raised in Maryland—P.G. County, Maryland, by way of [Washington] D.C. I grew up here and…I’ve always been an artist…and then eventually I became a barber. Unfortunately, I got into barbering because of an infection I got from an inexperienced barber. It affected my scalp really bad. It caused dissecting cellulitis, it’s a rare germ from uncleaned tools…it was a bad experience so I learned to cut my own hair…which led to me becoming really good at it…it became a passion over time. I love working for myself and I love the art form of cutting hair…the best part of it is to be able to have the ability to make people feel good…and look good.

Gassam: How do you feel your barbershop creates a safe space for Black men to feel comfortable communicating?

Dixon: For someone to come to a barber and allow the barber to cut them, there’s a trust factor that you’re already building with your barber. Then, once you build that trust…it’s a place where men go where they can actually be free and take out their stress…whether it’s from a job, home, family…being able to go somewhere and really unwind…learn from others and even be the one to give knowledge to other people.

Gassam: The life of an entrepreneur is very stressful, so what are some forms of self-care that you utilize and what are some self-care practices that Black men should be taking advantage of more?

Dixon: Well…I go to a therapy myself. Just…to keep me focused. It’s always good to unpack. Some things you can’t just talk about with anybody. A therapist is able to dig deep into discovering who you are…so you can be better mentally…I definitely go to my therapist. Honestly, my job can be hard on the body a little bit. I go and I get great massages. I love it! It takes all the tension out of you…also for me, I’m an artist. I like to draw; I like to paint…I love music. I have different playlists for different moods. It relaxes me. I’m starting to read a lot more books as well.

Gassam: How do you use your platform to serve within your community?

Dixon: Now that I’ve realized that I can be a part of helping someone, what I’m doing currently is I am in class to become a Certified Advocate. So, I can be able to assist properly…I know a few therapists that are in the area…having conversations with therapists to have a better understanding of how I can help…being able to connect with other therapists so I can actually have an idea of where I can send Black men who are seeking help…I want to get the information on cost and how to seek the right therapist. Me being that person where, me being transparent about myself and being able to guide someone in the right direction.

Gassam: What are some resources you would recommend for someone reading this interview who wants to speak with a therapist but who has never had one before?

Dixon: I’m having a conversation and trying to figure out how can we help and make therapy more accessible and more affordable as well…there’s Therapy for Black Men…there’s [also] therapy via the web where you can talk to a Black therapist in other states. I know a few folks who do therapy sessions over the computer…what I want to do is get a group of therapists who are interested in creating something that is more accessible and affordable for people…when it comes to searching for a therapist, sometimes certain therapists…you’re not going to feel comfortable with…it’s important to feel like you can be comfortable…that’s the key. Being able to vibe well with that therapist. If you don’t, then it’s okay…that’s one of the main things you have to have with your therapist—being able to get a good vibe and be comfortable.

To learn more about Erik “Kleankut” Dixon, click here.

This interview has been lightly edited for brevity and clarity.

Source link
——————————————————————————————————

The post #deepweb | <p> How This Barber Uses His Shop To Improve Black Men’s Mental Health <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Student, 22, died under a passenger train after his health deteriorated due to an ‘oddball’ diet

Source: National Cyber Security – Produced By Gregory Evans

A food technology student threw himself under the wheels of a passenger train after an extreme diet he found on the internet caused his health to deteriorate.

Will Mathews, 22, ate only vegetables and fruit after becoming ‘fixated’ with recipes free from carbohydrates and protein he downloaded from a US website. 

The Manchester Metropolitan University student, a former pescatarian, began taking health supplements to compensate but he became convinced he had issues with his bones and he started to lose his hair. 

Food technology student Will Mathews, 22 – from Stockport, Greater Manchester – threw himself under the wheels of a passenger train after an extreme diet he found on the internet caused his health to deteriorate

Mr Mathews ate only vegetables and fruit after becoming 'fixated' with recipes free from carbohydrates and protein he downloaded from a US website

The Manchester Metropolitan University student, a former pescatarian, was convinced he had issues with his bones and he started to lose his hair

Mr Mathews ate only vegetables and fruit after becoming ‘fixated’ with recipes free from carbohydrates and protein he downloaded from a US website

His mental state deteriorated amid fears he was struggling with his degree.

Mr Mathews, from Stockport, Greater Manchester, stepped into a path of the Birmingham to Manchester train as it was travelling through Levenshulme on October 8 2017.

He suffered multiple injuries and died at the scene.

An inquest was told Mr Mathews had enjoyed his food as a youngster but his health deteriorated after he enrolled at university.

His father Christopher Mathews told the Manchester inquest: ‘He was clearly struggling with his studies but it was the way he was constantly referring to the problems with his physical illness and his diet.

Mr Mathews, from Stockport, Greater Manchester, stepped into a path of the Birmingham to Manchester train as it was travelling through Levenshulme on October 8 2017

Mr Mathews, from Stockport, Greater Manchester, stepped into a path of the Birmingham to Manchester train as it was travelling through Levenshulme on October 8 2017

‘You could see he wasn’t looking after himself and was dropping out of the university system. He was always following a very strict diet eating only vegetables and fruit and he had been following this for some time, it started in December 2016.

‘He had this fixation with this diet and it got worse and worse and eventually he was taking supplements and all sorts of things. It appeared this diet was more from the internet and social media and was taking information from American websites.

‘I did ask him where he got all this from, he was quite assertive that he believed this information to be true, but it was from oddball websites and books. 

Mr Mathews's mental state deteriorated amid fears he was struggling with his degree at Manchester Metropolitan University

Mr Mathews’s mental state deteriorated amid fears he was struggling with his degree at Manchester Metropolitan University

‘We were very, very concerned about his well being, not so much his mood, more his irrational behaviour, he was sleeping until the afternoon, and when he was talking it was nonsensical.

An inquest was told Mr Mathews had enjoyed his food as a youngster but his health deteriorated after he enrolled at university

An inquest was told Mr Mathews had enjoyed his food as a youngster but his health deteriorated after he enrolled at university

‘He believed he had physical problems with his bones and this culminated in a meeting with his GP. The main thing was the diet. I requested a meeting to see if any counselling could be offered but it wasn’t available.

‘I funded private counselling and he attended three sessions, but he wasn’t responding to that and it was stopped. 

‘On 29th September 2017 he was admitted to hospital and I met him for lunch and he looked like he had gone insane.

‘He was completely out of reality, he was in his own little bubble. He was completely exhausted he couldn’t focus. He kept saying on many occasions he was going die and that his disease was consuming him physical and mentally. 

‘He did say to me occasionally “I have just had enough, I want to end things”, but these were fleeting comments, he didn’t say how or when.’

Mr Mathews’ mother Sylvia Duncan, a nurse said: ‘He was always a very friendly little boy and when he was growing up he really enjoyed his food, and there was one point when I was going to London to see my sister and brother in law when he declared he was going pescatarian.

‘He once told me “I want to make sure everybody’s healthy and I want to open my own enterprise, I want everybody to know about healthy eating”. He was never a fussy eater, he ate everything and enjoyed cooking.

‘He started the pescatarian diet where he cut out just meat, then he started to cut out certain types of food including carbohydrates and protein. He kept saying: “I don’t need protein I have been told I don’t need it”.

‘I noticed he was losing weight, he was having to eat more frequently as he wasn’t taking in anything of substance. He was coming up with arguments from people he met online and he was eating just greens and fruit which he mashed it up.

‘As I am a nurse I understand nutrition but he was telling me people who had written books which he purchased told him to get better you had to deteriorate a little bit first.

Mr Mathews' (pictured) father Christopher Mathews told the Manchester inquest: 'He was clearly struggling with his studies but it was the way he was constantly referring to the problems with his physical illness and his diet

Mr Mathews’ (pictured) father Christopher Mathews told the Manchester inquest: ‘He was clearly struggling with his studies but it was the way he was constantly referring to the problems with his physical illness and his diet

‘I tried to say that it doesn’t make any sense but he was adamant that they knew what they were talking about. 

‘I think this diet was linked to his knowledge of food. But I think he accessed the wrong information from Google which sent him in the wrong direction.

‘I remember him coming home and showing me his knees and he said there was something wrong and I said it was because of his weight loss because of the diet he had been following.  

The inquest heard Mr Mathews was admitted to the Norbury Ward at Stepping Hill Hospital in September 2017 after further concerns about his mental condition

The inquest heard Mr Mathews was admitted to the Norbury Ward at Stepping Hill Hospital in September 2017 after further concerns about his mental condition

‘He started to suffer with anxiety and I remember he said he was losing a couple of his dreadlocks. He said he was looking it up online and he said it was because he was following this diet incorrectly.

‘I said it was because of the diet but he said he had spoken to some woman in America and she told him it was because he wasn’t following this diet correctly. He said he was worried if he didn’t get back on track something was going to happen.

‘His GP referred him to the early intervention team and prescribed anti anxiety medication and sleep medication.’

The inquest heard Mr Mathews was admitted to the Norbury Ward at Stepping Hill Hospital in September 2017 after further concerns about his mental condition. 

He died after buying supplements from a Holland and Barrrett store during a period of leave.

Leanne Callan of British Transport Police said: ‘Officers attended the ward at Stepping Hill and recovered a laptop and sent it to the high tech crime unit in London. I am aware the family did have concerns regarding access to websites and the dark web and things like that.

‘The interrogation unit were asked to check if William had been accessing any dark web material but there was no such usage of the dark web.

‘They were able to access a number of word documents. There were three documents of interest, one called “final note”, one called “suicide note” and a third called “the way”. All were created on various dates in September, the last document was “the way”, which was modified on 04/10 at 9.23am. 

‘These were the three documents which were deemed to be critical in the investigation.

‘From the evidence on the CCTV and the train driver’s statement, we believe that William deliberately entered the tracks on his own, there was no third party involvement, and deliberately placed himself in front of the train.’

For confidential support, call the Samaritans on 116123, visit a local branch or go to the website www.samaritans.org 

Source link
——————————————————————————————————

The post #deepweb | <p> Student, 22, died under a passenger train after his health deteriorated due to an ‘oddball’ diet <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Cyber attack shuts down computers at San Antonio mental health provider

Source: National Cyber Security – Produced By Gregory Evans

A cyber attack has shut down the computer network at the Center for Health Care Services, Bexar County’s largest provider of mental health and substance abuse services.

CEO Jelynne LeBlanc Burley confirmed Tuesday that the company’s system was included in a larger-scale cyber attack last week that’s under investigation by federal law enforcement agencies.

It’s unclear how many organizations were hit by the attack or who was behind it.

The city of New Orleans made headlines recently when it suffered a cyber attack on Dec. 13 serious enough for its mayor to declare a state of emergency.

Hospitals, school districts, government agencies and businesses are increasingly falling victim to ransomware, which the Federal Bureau of Investigation describes as an insidious type of malware that encrypts or locks up valuable digital files. The perpetrators demand a ransom to release the files.

Burley said she doesn’t know whether the attacker demanded a ransom from the center. Because it’s part of a larger attack, she added, the FBI and the Secret Service are investigating.

She said federal officials called the center last week about the attack, and that the center’s techs isolated the threat to a single computer server. Burley decided to shut down the center’s entire computer system as a precaution. Administrators expect it will be back up by Thursday.

Texas Inc.: Get the best of business news sent directly to your inbox

“Now we’re in the process of bringing back our system,” she said. “We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact.”

CHCS operates several locations in San Antonio, including a walk-in mental health clinic and mobile crisis outreach team, substance abuse recovery facilities and programs at the homeless services campus Haven for Hope.

There were several notices posted around the center’s main office at 6800 Park Ten Boulevard warning employees to take laptop computers to the IT department.

Federal law enforcement officials could not be reached Tuesday.

Laura Garcia covers the health care industry in the San Antonio and Bexar County area. Read her stories and more local coverage on our free site, mySA.com, and on our subscriber site, ExpressNews.com. | laura.garcia@express-news.net | Twitter: @Reporter_Laura

Source link

The post #school | #ransomware | Cyber attack shuts down computers at San Antonio mental health provider appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Richard Frank: LifeLabs hackers could still hold health records of 15 million Canadians

Source: National Cyber Security – Produced By Gregory Evans

LifeLabs announced this past week that hackers had invaded its computer system and put the records of 15 million Canadians at risk

Veronica Henri / Veronica Henri/Toronto Sun

OPINION: If the cybercriminals already have a copy, then retrieving data by paying ransom will not suddenly disallow the attackers from further using that data

LifeLabs — Canada’s major provider of lab diagnostics and testing services — announced on Dec. 17 that hackers had potentially accessed computer systems with data from “approximately 15 million customers” that “could include name, address, email, login, passwords, date of birth, health card number and lab test results.”

As a Canadian citizen whose data and whose family’s data is probably among the 15 million records stolen, my first thought is about the implications of this breach.

At the International Cybercrime Research Centre in the School of Criminology at Simon Fraser University, we’ve been studying online hacker communities for about seven years and the Dark Web for the past four years. The Dark Web, with its large number of marketplaces (called cryptomarkets, think eBay for drugs and stolen data), is a fascinating place where all sorts of products, data and services are made available for purchase. Payments are made using anonymous (mostly) untraceable digital currencies. I would expect parts of LifeLabs’s database to eventually end up in a marketplace like that.

So how did this happen? Details of the hack have not been revealed due to the ongoing investigation, but hopefully we will eventually learn the specifics. According to the Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC), “cyber criminals penetrated the company’s systems, extracting data and demanding a ransom,” which LifeLabs paid.

This points to a likely ransomware attack, where the attacker encrypts the data on a computer system and makes it inaccessible. Unless a backup of the data exists, the only way to recover the data is by paying the attacker a ransom, who sends the victim the decryption keys to unlock the data. Most of these ransomware attacks use encryption so strong that even security firms cannot unlock the files, which has led to a new type of business where consultants help ransomware victims negotiate and pay the ransom.

In most ransomware cases the data remains on the victim’s computer, but its access is revoked through strong encryption. This implies that the attackers do not actually have a copy of the data and thus the chances for future revictimization remain low. However, the language of the OIPC indicates that in this case, the data were “extracted.” This puts a new twist on the story.

Ransomware attackers sometimes do use ransomware — software that threatens to block access or publish data — that not only locks files, preventing the victim from doing anything, but also leaks the files back to the attackers. This allows the attackers to potentially extort more money from the victim, as happened a few weeks ago to Allied Universal, a security firm in California. That seems to be the case with LifeLabs.

If this is true, then our data is out there, in the hands of cybercriminals, and will remain out there. LifeLabs has stated that they have “retrieved the data by making a payment,” but if the cybercriminals already have a copy, then retrieving it will not suddenly stop the attackers from further using that data.

Did LifeLabs not have a proper backup and recovery procedures in place so it could recover from this failure without having to resort to paying a ransom?

The likely scenario is that LifeLabs fell victim to a ransomware attack, possibly sparked by a phishing email with a malicious link or attachment, which resulted in up to 15 million customers’ information (our information, not LifeLabs’) being extracted to the attackers. LifeLabs paid the ransom to regain access to the data and continue business.

What can we, as customers, do? Unfortunately, not much.

The data theft is beyond our control. Periodically we must do business with third-parties that require our personal information and we have no choice but to hand it over. Implicit in this transaction is that the other party (LifeLabs, for example) will protect that data. The only available option we have as customers is to be vigilant of our personal information, including financial and health details; but this is after the data theft.

We must check our credit card statements, our credit histories, our insurance claims. We must not use the same password in multiple places and should use two-factor authentication whenever possible.

Potentially the best way to prevent future breaches would be to incentivize organizations that collect our personal details to secure them properly. This could be done by changes to the legislation, like in the European Union and its new General Data Protection Regulation (GDPR) introduced in 2018.

In August 2018, the British Airways website was breached and 500,000 customer details stolen. The United Kingdom’s Information Commissioner’s Office handed down a fine of £183 million (approximately $321 million), based on a new U.K. law designed to mirror the EU’s GDPR. With penalties like that, third-party organizations would have no choice but to take data security seriously, rather than as an operational cost.

Richard Frank is assistant professor of criminology at Simon Fraser University.


Letters to the editor should be sent to provletters@theprovince.com.

CLICK HERE to report a typo.

Is there more to this story? We’d like to hear from you about this or any other stories you think we should know about. Email vantips@postmedia.com.

Source link
——————————————————————————————————

The post #deepweb | <p> Richard Frank: LifeLabs hackers could still hold health records of 15 million Canadians <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Ransomware attack freezes health records access at 110 nursing homes – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

Happy Thanksgiving: your elder loved one’s life may be at risk.

About 110 nursing homes and acute-care facilities have been crippled by a ransomware attack on their IT provider, Virtual Care Provider Inc. (VCPI), which is based in the US state of Wisconsin and which serves up data hosting, security and access management to nursing homes across the country.

The attack was still ongoing on Monday, when cybersecurity writer Brian Krebs first reported the assault.

Krebs says it involves a ransomware strain called Ryuk, known for being used by a hacking group that calculates how much ransom victimized organizations can pay based on their size and perceived value.

Whoever it was who launched the attack, they got it wrong in this case. VCPI chief executive and owner Karen Christianson told Krebs that her company can’t afford to pay the roughly $14 million Bitcoin ransom that the attackers are demanding. Employees have been asking when they’ll get paid, but the top priority is to wrestle back access to electronic medical records.

The attack affected virtually all of the firm’s core offerings: internet service, email, access to patient records, client billing and phone systems, and even the internal payroll operations that VCPI uses to pay its workforce of nearly 150. Regaining access to electronic health records (EHR) is the top priority because without that access, the lives of the seniors and others who reside in critical-care facilities are at stake.

This is dire, Christianson said:

We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time. In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.

As Krebs notes, recent research suggests that death rates from heart attacks spike in the months and years following data breaches or ransomware attacks at healthcare facilities. A report from Vanderbilt University Owen Graduate School of Management posits that it’s not the attacks themselves that lead to the death rate rise, but rather the corrective actions taken by the victimized facilities, which might include penalties, new IT systems, staff training, and revision of policies and procedures.