The fact that the Indiana hospital system Hancock Health was hacked recently isn’t big news these days. Sadly, healthcare security breaches happen all too frequently. What is surprising, however, is what the health network elected to do about it – they paid the hackers’ ransom demand of four Bitcoin, equal to approximately $50,000 at the time, and then, for reasons we can’t really know, they told people about it.
In subsequent interviews with local media, Hancock Health officials said they decided, after lengthy debate, to pay the ransom to unlock about 1,400 patient files held by unidentified hackers, despite having data back-ups. Rather than wait weeks for a proper system reboot, administrators made the decision to pay to “expedite return to full operations.” A type of ransomware called SamSam was reportedly used, and Hancock Health was given 7 days to pay via Bitcoin. “These folks have an interesting business model,” CEO Steve Long said. “They make it just easy enough to pay the ransom; they price it right.”
Ransomware attacks around the globe are on the rise. According to the 2017 Verizon Data Breach Incident Report, ransomware rose 51%. A Google study presented in July 2017 showed more than $25 million was paid out in ransom over the last two years. Cryptocurrency payment has been the most popular demand, although it’s interesting to note that even ransomware cybercriminals are seemingly moving away from Bitcoin payments right now given the cryptocurrency’s volatility. Like any other business, they are in it for maximum profit.
Because ransomware isn’t likely going away anytime soon, the question for many organizations is should you pay? Or shouldn’t you? Here are some things to consider:
To Pay or Not to Pay the Ransom
Locked patient files are of course a real problem. In the case of Hancock Health, doctors and nurses were forced to use pen and paper to keep track of medical records. Paying the ransom may be the quickest and most pragmatic solution in the face of chaos. If critical systems are down and your most important task is getting them back up, you just may not have another option.
Then again, if essential files or data are held hostage, and there are no back-ups available, will paying the ransom get you those files back? Unfortunately, payment doesn’t guarantee you will regain access to your information.
Paying ransom demands is actually very similar to a small business having to pay protection money to their local organized crime outfit. By feeding the disease, you are guaranteeing its continued spread. If no one paid ransom anymore, ransomware would rapidly cease to exist… after all, cyber criminals are in it for the cash. This is the line of thinking the FBI takes. The U.S. government doesn’t support paying a ransom or negotiating in any way.
3 Tips to Fight Ransomware
Of course, the best-case scenario is that you don’t get hit with ransomware at all. Not having to choose between paying and not paying is the best choice. Here are a few quick tips to lessen your chances of getting socked with a ransom demand:
- Gain visibility – You can’t protect what you can’t see. It’s important to monitor and control rogue or dark endpoints, whether they’re on or off the network. When you have a good handle on your assets and their current status, you can respond swiftly and effectively.
- Patch all and often – Many ransomware attacks rely on known vulnerabilities. Last year’s WannaCry is but one recent example. Patch all of your endpoints in a timely manner and you’ll head off many attacks before they can even start and improve your overall security posture.
- Containment – Segregate infected devices from the corporate domain and regularly monitor firewall rules to prevent further spread. This way, in the event there is even a whiff of something going wrong, you can prevent a security incident from becoming a company catastrophe.
For more information on the rise of ransomware, strategies for preventing it and recovering from it, take a look at the report Ransomware Protection: Five Best Practices.