Hospital pays $17,000 ransom to get access back to its encrypted files: What lessons can we learn?

crypto1Cyber criminals recently put the Hollywood Presbyterian Medical Center in an extremely difficult position. According to an article from CSO Online, the criminals hit the L.A. hospital with malware that encrypted their files, blocking authorized access to the data.

For over a week, hospital staff could no longer use their system. To transmit patient information, they had to fall back on using telephones and fax machines. Engadget reports that the attack interfered with treatments and diagnostic work; the hospital had to transfer patients to other facilities. The attack not only threatened the hospital's finances; it also endangered patients.

Finally, the hospital paid $17,000 ransom to get access back to its encrypted files. Working with law enforcement and IT experts didn't help quickly enough in the aftermath of the attack; the encryption was apparently quite powerful, and the hospital couldn't recover the inaccessible files on their own. The hospital's administrators felt that they couldn't wait longer to restore functionality to their system.

The rise of ransomware
Ransomware is any kind of malware that reduces or blocks off access to a system and the data in it. Hackers hope that an organization or individual will pay money to regain access. Ransomware may involve encrypted files, like in the Hollywood Presbyterian Medical Center attack, where the hospital paid for the decryption key. Other times, hackers may lock the system completely until they're paid.

Ransomware is a potent threat, one of the most powerful tools in a hacker's arsenal. And the threat is on the rise. A recent article from CBS News mentions that in 2013, the number of ransomware attacks rose from 100,000 in January to 600,000 in December. These kinds of attacks have also increased in scale, shutting down operations in major companies and other organizations.

Also keep in mind that, in addition to using ransomware, there are other ways that hackers can demand a ransom for your sensitive data. For example, if they obtain your sensitive information, such as a confidential business document, they may ask you to pay them not to release it or sell it to another party.

What lessons can we learn?
One of the lessons from the attack is that no one is safe from ransomware. The malware can get on your system through something as simple as an infected website or an email attachment.

As much as possible, you need to protect your organization's computing devices with anti-malware programs that are regularly updated. It's also important to train employees in cyber security best practices; they should always think carefully before downloading something to their device or clicking on a link to a new site.

Another lesson involves the importance of regularly backing up data. If you've backed up your data offline or otherwise separate from your system, you may not need to pay hackers ransom; you can restore the data on your own or with the assistance of IT professionals, after ridding your system of the malware. Occasionally, it's possible to break the encryption that the malware sets in place, but usually it's too difficult. An organization can't keep operating for too long without accessing its files.

The third lesson really doesn't bring with it easy answers; it boils down to the question of whether or not to pay the hackers. Again, lack of payment means losing the data, which is often an unsustainable action for a business, agency or individual. But paying off the hackers encourages additional attacks, sometimes against the same organization. It's a genuinely tough call to make, and it's frightening how much power hackers attain when they render your data inaccessible.

Your best course of action is prevention, vigilance and strong data recovery measures, including secure back-ups. To discuss these important issues, please contact us. We can help you better protect yourself against this insidious type of cyber attack.

With the surge in the number of small and medium businesses that have fallen prey to malware and cyber criminals, there is a lot of focus of what an organization can do to prevent being a victim and how the company should handle themselves after an attack. There is another key factor to preventing cyber criminals from penetrating into your network:...

- Onsite Service Coverage Area -

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH and then down into Boston. From Northern and Central Mass we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.



White Mountain IT Services
33 Main Street Suite 302
Nashua, New Hampshire 03064


 padlock1  Cyber Security Toolkit

cloud desktop2 Cloud Desktop Login

Open Positions