Everything you ever wanted to know about security policy management, and much more.
A couple of weeks ago, I blogged about a recent CSI:Cyber episode in which a hospital is attacked by a hacker via a vulnerable Smart TV connected to the hospital’s Wi-Fi. It’s now been reported that the Hollywood Presbyterian Medical Center is being held to ransom for $3.6 million following a ransomware attack, with systems critical to CT scans, laboratory, and pharmacy work forced offline and patients having to drive for up to an hour just to collect lab tests.
Life, it seems, is imitating art.
At the time of writing, the hospital’s network had been offline for over a week while law enforcers attempt to identify the attackers. Staff are grappling with the loss of email, and are having to revert to pen and paper for handling patient records.
The incident highlights the vulnerability of organizations of all types to ransomware attacks, which can bring day-to-day operations to a standstill.
As my colleague, Erik Barnett recently blogged, ransomware attacks are on the rise, and are carried out when a malicious piece of malware gets into a network and encrypts all the files. It leaves behind only an HTML message demanding payment in return for decryption of the information. In many cases, there is little that can be done other than pay the ransom and hope the criminals will fulfill their end of the deal.
However, there are some straightforward principles that all organizations, large or small, public or private sector, can put in place to help mitigate the risk of a damaging ransomware attack:
A successful ransomware attack can be hugely disruptive, costly and time-consuming to respond to, not to mention enormously damaging to reputation and the business bottom line. Getting these basic principles in place could be a life-saving move.
–> Update 2/18. Last night hospital officials paid the $17,000 ransom in order to get back control of their network. While clearly no-where near the $3.4M asking price, I guess this proves that crime pays. Lets hope the attackers get caught soon.
Receive notifications of new posts by email.