Saint Louis University Journal of Health Law & Policy

Document Type

Student Comment


Each day the health care sector is subjected to an onslaught of thousands of ransomware virus attacks which attempt to capture a provider’s IT operations until a ransom is paid to the hacker. Apart from monetary, functional, and civil liability considerations, compromised health systems that contain electronic patient health information could expose a provider to legal liability under multiple HIPAA laws. This article will explore how recent amendments made to HIPAA, particularly under the Omnibus and HITECH Acts, incentivize providers to obtain legal, functional, and policy-based benefits by utilizing off-site data backup business associates as part of their cybersecurity defense strategy in the escalating war against ransomware.