Ransomware is becoming a growing problem for the healthcare industry. And with around a dozen attacks on hospitals being reported since the beginning of the year, you may be wondering just how severe the problem is. Should you be alarmed? How can you protect your practice? Here’s an inside look at how the ransomware epidemic […]
Ransomware is becoming a growing problem for the healthcare industry. And with around a dozen attacks on hospitals being reported since the beginning of the year, you may be wondering just how severe the problem is. Should you be alarmed? How can you protect your practice? Here’s an inside look at how the ransomware epidemic is affecting the US and Canadian healthcare systems.
The ransomware strike on Hollywood Presbyterian Medical Center on February, 5 was one of the first major attacks this year. The hospital lost control of its computer system to hackers and was forced to pay them $17,000 to regain control.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” stated Allen Stefanek, president of the medical center.
Thankfully, access to Hollywood Presbyterian’s EMR system was restored on Monday February, 15, over a week after the initial attack. So what can be learned from this story? Well, it raises a very important question…
Should you pay a hacker who’s infected your system with ransomware?
It’s a vexing question, and unfortunately the consensus on the answer is split. The problem is that the ransomware is very intelligently designed. And while it may sound absurd to pay so much money to a hacker, especially when there’s no guarantee your systems will be restored, oftentimes there’s not much choice.“The ransomware is that good. To be honest, we often advise people just to pay the ransom.” said Joseph Bonavolonta, an Assistant Special Agent of the FBI’s CYBER and Counterintelligence Program.
While Bonavolonta and other law enforcement officials have advised to pay the ransom, the US government has oddly enough said the opposite. In a release made public late last month, they noted, “Individuals or organizations are discouraged from paying the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center.”
The reasoning behind this argument is that by paying the ransom, you’re encouraging hackers to attack more practices.