Interested in training for your team? Click here to learn more

Healthcare and Ransomware Attacks: Protecting Patient Information, Mitigating Privacy Risks

Determining Reportable Breach, Challenges With Third-Party Vendors

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Wednesday, March 17, 2021

Recorded event now available

or call 1-800-926-7926

This CLE course will offer critical insights into the threat of ransomware attacks on healthcare organizations, and best practices inside counsel should consider while preparing for and responding to these events. The panel will examine recent attacks and the lessons learned from them and will discuss the healthcare entities' vulnerabilities and practices that can reduce the risk.


The healthcare industry has seen a jump in ransomware attacks over the past year. Since the beginning of COVID-19, hospitals have been particularly vulnerable. A recent report by the FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency found that the healthcare industry is at particular risk in the growing cyber attack threat. It warned of "an increased and imminent cybercrime threat" to healthcare providers.

Government agencies are pushing "healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats," including ransomware. Counsel can guide providers in establishing policies and procedures to mitigate privacy and other legal risks while navigating a myriad of privacy laws, including HIPAA and state privacy laws.

Listen as our authoritative panel examines the recent ransomware attacks on healthcare organizations and the lessons learned from these attacks. The panel will discuss the vulnerabilities for healthcare entities and practices that can reduce the risk. The panel will also address issues related to working with third-party vendors and determining whether a ransomware incident is a reportable breach. The panel will offer best practices for protecting against ransomware attacks.



  1. Recent ransomware attacks and lessons learned
  2. Healthcare entities' vulnerabilities
  3. Steps to mitigate risk
    1. HIPAA
    2. State privacy laws
  4. Working with third-party vendors
  5. Reportable breach?
  6. Best practices to protect against ransomware attacks


The panel will review these and other key issues:

  • What unique challenges arise for healthcare providers with ransomware attacks?
  • What steps should healthcare providers and their counsel take to mitigate the risks of ransomware attacks?
  • What are best practices to reduce legal risk and liability when hit with such an attack?
  • What challenges do healthcare entities face when working with third-party vendors?
  • How does one determine whether a ransomware incident is a reportable breach?


Lashway, Scott
Scott T. Lashway

Partner, Co-Leader Privacy and Data Security Practice Group
Manatt, Phelps & Phillips

Mr. Lashway has established himself as one of the nation’s leading cybersecurity and data privacy advisers as...  |  Read More

Nickle, Lindsay
Lindsay B. Nickle

Partner, Vice Chair of the Data Privacy & Cybersecurity Practice
Lewis Brisbois Bisgaard & Smith

Ms. Nickle helps clients by overseeing the process of investigating data security events and interpreting the myriad...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video