Monday, August 22, 2016

"Controlling data by making it unusable [such as hospital data involved in a ransomware attack] ...

... ] is not the same as acquiring it. Controlling data by corrupting it is not the same as acquiring it. If I burn down your house and in doing so destroy your mint condition collection of Star Wars action figures, I have not acquired them, even though I have made them unavailable to you. Arson is not theft. [HHS's recent guidance indicating that most ransomware attacks are HIPAA breaches] is built on embarrassingly faulty reasoning."

— Jeff Drummond, a partner with Jackson Walker LLP in Dallas, told AIS's Report on Patient Privacy.

No comments:

Post a Comment