When you’re trying to run your surgical suite, we’re guessing the last thing you want to do is pay hackers $14,000 in a ransomware attack, but that’s just what happened to a group of doctors in Washington.
Spokane, Wash.-based Columbia Surgical Specialists learned of the ransomware attack Jan. 9, a few hours before a few of their patients were scheduled for surgery. What exactly is ransomware?
Ransomware is a type of malicious software that encrypts a victim’s computer files, which hackers offer to decrypt in exchange for a ransom payment. In this case, the encrypted files and systems at Columbia Surgical Specialists included protected health information such as patient names and Social Security numbers.
Not only did the hackers access their patients information, they also kept that important information from the healthcare providers. You can read the full story here.
Exploit: Ransomware Attacks
Columbia Surgical Specialists: Surgical facility in Spokane, Washington.
Risk to Small Business: 2.111 = Severe: Columbia Surgical Specialists decided to pay almost $15,000 in ransom to unlock files that were encrypted by hackers. After originally discovering the incident on January 9th, the firm hired an outside security firm to mitigate the aftereffects of the attack. Initially it was believed that 400,000 patients could have been affected, but the number has since then been reduced. Columbia Surgical Specialists explained that their delay in reporting was due to the time needed to analyze information surrounding the breach, and they do not believe that the attackers were able to access patient data.
Individual Risk: 2.428 = Severe: Names, drivers’ license numbers, SSNs, and protected health information was impacted in the ransomware attack. However, the outside security firm believes that it is unlikely that the data was exposed in the incident.
How it Could Affect Your Business: Ransomware is a sticky subject for businesses and can resemble a virtual hostage situation. In the event of an attack, security experts recommend not paying ransoms to hackers, since it incentivizes future exploits and can result in greater demands. To prevent such exploits from occurring in the first place, organizations must partner up with managed security providers.
Contrast Communications to the Rescue: We can find out how payment data is being used on the Dark Web, even in the case of a malware attack.