Hospitals continue to be targeted at an inappropriate rate
over the last five years. Other industries have just as valuable data as the
medical field, however, hospitals are in the news at a higher rate. One aspect
of this driving the attacks is the criticality of the services. The hospitals
require access to the data (e.g., patient charts) and networks to perform the
operations, both planned and emergency, procedures, and simply to see patients.
The high-level data flow for this is quite simple. In the alternative, the
system may be breached, and patient data exfiltrated. The ransom may be
demanded as a promise to not distribute or sell this data to other unauthorized
parties.
Therefore ransomware, in this circumstance is so potent.
Also, the patient data is very important to both parties, the hospital and patient.
The hospital must report the breach in most instances. The patient, depending
on the data itself, may have the pleasure of monitoring their accounts and
credit report for decades.
With the exfiltrated data, the hospital generally has two
options. They may or may not pay the ransom to keep the data from being sold to
other unauthorized parties. Paying the ransom usually is not recommended. The
thought, in this case, after the money is received, they would release it
anyway. While this has occurred in a limited number of times over the last few
years, this is a detriment to the business model and the malware industry. If
the organization is reasonably certain the data will be published anyway, there
is absolutely no reason to pay a penny. In this instance Sturdy Memorial
Hospital did pay the ransom or fee. The amount was not disclosed. As a result
of the breach, the hospital mailed letters to the effected parties. As part of
the response, the incident was reported to the FBI.
While the attack vector was not noted, the incident is
representative of the reach ransomware has. Dependent on the malware strain, all
it can take is one person clicking the wrong link. We still need additional
training to limit the potential for this to happen elsewhere.
No comments:
Post a Comment