Stop and think about what a hospital could do with $55,000 of disposable income. This money could be given to families who cannot afford medical treatment. It could be used to buy new equipment, improve waiting room services for patients, or hire extra staff members. The possibilities are endless.
With this in mind, it's very sad to see what happens when cybercrime impacts the medical industry, forcing providers to pay cybercriminals instead of making upgrades. Just recently, Greenfield, Indiana’s Hancock Hospital paid a ransom of $55,000 to hackers to unlock their systems after a ransomware infection. Hackers used the ransomware to take over the hospital’s IT systems, and demanded they pay a ransom in Bitcoin in return for a decryption key.
The hospital, caught in a bind, chose to pay the ransom.
Sources indicate that the attack happened around 9:30 p.m., and was discovered almost instantly. However, the infection quickly cascaded across the hospital’s email system, internal operating systems and electronic health records. Hackers successfully accessed over 1,400 files and named them “I’m sorry” before locking them.
It is believed that the hackers logged into the hospital’s communications system using a third-party vendor’s credentials. The hospital was given seven days to respond.
Interestingly, the hospital had access to a data backup system. However, restoring from that backup would have taken several days or even weeks to fully implement, and it would have also been very expensive. So instead, the hospital chose to take the fast and easy way out by paying the ransom.
Immediately, they were given a decryption key — something that does not always happen after a ransomware attack. Oftentimes, an organization will make a ransomware payment and will then be left in the dark.
As this example shows, data backups do not always help after a ransomware attack. For this reason, companies need to be extra vigilant about what employees are doing online. Education and cybersecurity training are critical to prevent costly cyberattacks from entering and cascading across a network.
Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.
1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.
5. Network forensics, for when a breach eventually occurs. The bad guys always seem to get in eventually.
6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.