The intersection of health and bankruptcy law could not be more pronounced in the event of a cataclysmic event. A cyberattack is such an event. Following the cyberattack on Colonial Pipeline, which led to a multiday shutdown of the pipeline and an East Coast fuel shortage, the Department of Justice (DOJ) heightened the priority of ransomware attacks. Recognizing the devasting impact that cyberextortion can have on individuals, businesses, and supply chains, the DOJ now has protocols in place to treat ransomware attacks the same way it treats terrorism. The healthcare industry has increasingly become a victim of these devastating cyberattacks. Notorious for lax and outdated cyberprotection, healthcare companies provide the perfect combination of being an easy target with an abundance of data, not to mention the tangible risk to patient well-being and the unique financial pressures associated with breaches of electronic protected health information (ePHI).

Originally published in American Bankruptcy Institute - August 2021.