Connecticut Office CALL US AT (203)-295-5050 | New York Office (646)-693-1950
Home - Article

Featured Article

January 17, 2018

Hospital Pays $55,000 to Hackers After Ransomware Infection


Stop and think about what a hospital could do with $55,000 of disposable income. This money could be given to families who cannot afford medical treatment. It could be used to buy new equipment, improve waiting room services for patients, or hire extra staff members. The possibilities are endless.

With this in mind, it's very sad to see what happens when cybercrime impacts the medical industry, forcing providers to pay cybercriminals instead of making upgrades. Just recently, Greenfield, Indiana’s Hancock Hospital paid a ransom of $55,000 to hackers to unlock their systems after a ransomware infection. Hackers used the ransomware to take over the hospital’s IT systems, and demanded they pay a ransom in Bitcoin in return for a decryption key.

The hospital, caught in a bind, chose to pay the ransom.

Sources indicate that the attack happened around 9:30 p.m., and was discovered almost instantly. However, the infection quickly cascaded across the hospital’s email system, internal operating systems and electronic health records. Hackers successfully accessed over 1,400 files and named them “I’m sorry” before locking them.

It is believed that the hackers logged into the hospital’s communications system using a third party vendor’s credentials. The hospital was given seven days to respond.

Interestingly, the hospital had access to a data backup system. However, while the backup system could have been used, it would have taken several days or even weeks to fully implement it. It would have also been very expensive. So instead, the hospital chose to take the fast and easy way out by paying the ransom.

Immediately, they were given a decryption key — something that does not always happen after a ransomware attack. Oftentimes, an organization will make a ransomware payment and will then be left in the dark.

So as this example shows, data backups do not always help after a ransomware attack. And for this reason, companies need to be extra vigilant about what employees are doing online. Education and cybersecurity training is critical to prevent costly cyberattacks from entering and cascading across a network.

Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.

1.    Cybersecurity training must be done regularly.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!