Ransomware Attacks Against U.S. Healthcare
Law Enforcement, Regulatory, Legal and Cybersecurity Perspectives

Ransomware attacks against healthcare organizations increased 89% in 2017.

All of the six largest attacks against healthcare organizations recorded in 2017 by the Department of Health and Human Services, Office for Civil Rights (HHS OCR) were attributed to ransomware. So far in 2018, healthcare organizations continue to be a favorite target of ransomware attackers, with ransom demands climbing higher than ever. In addition to the ransom cost, many recent ransomware attacks have brought healthcare systems down for weeks with impacts well beyond the IT sphere, including patient health and safety.

Ben Stone, Supervisory Special Agent, Cyber will provide insight on current ransomware trends from the FBI’s perspective. Barbara Holland, Regional Manager of HHS Office for Civil Rights will discuss OCR’s approach to ransomware cases, and the regulator’s perspective. Sean Hoar, Partner at Lewis Brisbois and Chair of the firm’s Data Privacy & Cybersecurity Practice will share his experience as outside counsel for the nearly daily stream of ransomware cases and Ben Goodman, CEO of 4A Security & Compliance will moderate the discussion and provide insights based on his work helping organizations prepare for and respond to ransomware incidents from the cybersecurity consultant’s perspective.



Ben Goodman – CEO
4A Security & Compliance


Sean Hoar – Partner,
Chair of the Data Security Practice
Lewis Brisbois Bisgaard & Smith LLP

Barbara Holland – Regional Manager,
Office for Civil Rights
U.S. Department of Health &
Human Services

Benjamin Stone – Supervisory Special Agent, Cyber Desk
Federal Bureau of Investigation

0 + 3 =

What we will cover:

  • What does the FBI Cyber Squad see as the current trends in ransomware?
  • What is the regulatory perspective and how does HHS OCR handle HIPAA enforcement ransomware attacks on healthcare organizations?
  • What is unique about ransomware attacks against healthcare organizations from the perspective of outside counsel?
  • What makes one healthcare organization more vulnerable to a damaging ransomware attack than another, from the cybersecurity perspective?
  • What should counsel do to help healthcare organizations prepare for a ransomware attack?
  • What are the best recommendations for organizations to keep in mind when responding to a ransomware attack?



Ben is the founder and CEO of 4A Security & Compliance, a firm that helps clients measure and manage cyber risk and meet their information security and compliance requirements. Ben has over 25 years of experience in information technology, technology strategy and risk management. Ben oversees the 4A Security healthcare practice, including HIPAA Security Risk Analysis, Incident and Breach Response, Vendor Due Diligence, Cloud Risk Assessment, Sensitive Data De-Identification, and Information Security and Resilience Planning. He has assisted healthcare covered entities and business associates in responding to security and privacy incidents and breaches. Ben is a member of the faculty at Drexel University, LeBow School of Business where he has lectured on cyber risk management and he has conducted research on stolen PHI and darknet markets.

Ben organizes the annual 4A Data Security & Privacy Symposium hosted at Drexel LeBow which will be held on March 22, 2018.

Ben is a member of the Casualty Actuarial Society’s Cyber Risk Task Force and a member of the Society of Actuaries Project Oversight Group on “Cybersecurity Insurance: Modeling and Pricing.” Ben is the recipient of ISACA’s Worldwide Achievement Award, and he is a Fellow of the Ponemon Institute. He is also a member of the Pace University, Seidenberg School of Computer Science Cybersecurity Advisory Board, and a member of the Philadelphia Chapter of Infragard. He has served as an expert witness on legal matters concerning HIPAA data breaches, security, privacy and HIPAA compliance. He is the author of award winning paper “The Cyber Risk Ecosystem.”  He received his Bachelors of Arts Degree from Columbia University.


Barbara became Regional Manager for the Department of Health and Human Services Office of Civil Rights in October 2012 and is responsible for management and oversight of OCR’s work enforcing both civil rights and HIPAA compliance in PA, DE, MD, WV, VA, and DC.  Prior to that appointment, Barbara served as the Department’s Deputy Executive Secretary, managing on behalf of the Secretary the review and thorough vetting of regulatory policies and decisions for the Affordable Care Act and other Department initiatives and the development and implementation of Department responses to Presidential Executive Orders and Memoranda on regulatory reform and regulatory agenda-setting. Before returning to HHS in 2010, Barbara worked almost eight years for Pennsylvania Governor Ed Rendell and, before that, had an active general law practice for over fifteen years. Barbara began her public service career at HHS and was one of the youngest members to be inducted into the United States Government Senior Executive Service.  Barbara holds a bachelor’s degree from Cornell University and a law degree from the University of Pennsylvania where she was an Editor of the Law Review.  She also holds a Masters Degree in Public Health from Yale University.


Ben joined the FBI in January 2002 and was assigned to the Houston Division, Texas City Resident Agency where he worked a variety of criminal matters.  In April 2008, Ben was promoted to Supervisory Special Agent in the FBI’s Weapons of Mass Destruction (WMD) Directorate where he supervised FBI programs related to the prevention of the proliferation of WMDs. In June 2010, he was named to the FBI’s Philadelphia Field Office to serve as Supervisory Special Agent of the Intelligence Squad, responsible for the strategic recruitment of Confidential Human Sources across the Division. In February 2013, Ben was promoted to Assistant Inspector at FBIHQ where he served in the Office of Inspections and was responsible for conducting inspections across multiple FBI Field Offices and FBIHQ Divisions. In March 2014, he returned to Philadelphia and was chosen to lead the newly created Cyber Criminal Squad responsible for all criminal cyber crimes for the FBI Philadelphia Office. From June, 2016, through January, 2017, he served at the U.S. Embassy, Paris, France as the FBI’s liaison to French Law Enforcement and Security Services regarding Cyber matters. He is a native of the United Kingdom and has a B.S. in Chemistry from the University of East Anglia and a M.S. in Organic Chemistry from the University of Pennsylvania.  Prior to entering the FBI Ben worked as researcher in the pharmaceutical industry.  He holds two United States Patents and is the author or co-author on several peer reviewed scientific papers.


Sean Hoar is a partner in the Portland office of Lewis Brisbois and chair of the Data Privacy & Cybersecurity Practice. Sean Hoar, CISSP, GISP, CIPP/US, has extensive experience managing responses to digital crises and effectively marshaling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon where he was the point of contact for the FBI, Secret Service, and Homeland Security in system intrusions and other digital crime emergencies. He now counsels businesses on best practices in information privacy and data security, and countering cybersecurity threats. He also facilitates incident response planning and risk assessments, and manages responses to data breaches. As a veteran security and privacy attorney and an accomplished litigator prosecuting cybercrime, identity theft, Internet fraud, and other matters for the U.S. Department of Justice, Sean managed compliance with the Fourth Amendment, the Stored Communications Act, and other constitutional and regulatory frameworks for federal law enforcement. He trained federal investigators and prosecutors about the acquisition and use of digital evidence, and he trained foreign officials, on behalf of the U.S. Department of State, about anti-terrorism and cybercrime awareness. He currently teaches courses in cybercrime and privacy law and serves as the executive director of the Financial Crimes & Digital Evidence Foundation. A frequent author and speaker on privacy and security matters, Sean has received numerous accolades from the FBI, the Secret Service, the IRS, and the DEA throughout his career.