Last week, a hospital based in Wichita, Kansas was hit with ransomware.
Yes, the hospital paid the ransom in hopes of getting back to business as soon as possible, but the payment only partially decrypted their files. Instead, the cybercriminals demanded more money to decrypt the rest.
The hospital refused to pay a second ransom because it was no longer “a wise maneuver or strategy.”
President Greg Duick, MD declined to say how much money the Kansas hospital paid, only that it was “a small amount.”
This Kansas hospital is not alone in their struggle. According to Healthcare IT News, more than half of hospitals in their poll were hit with ransomware in the last 12 months.
The Wichita hospital had a plan for this type of attack, but it couldn’t stop ransomware from happening. Brendan FitzGerald, HIMSS Analytics Research Director for Advisory Solutions, said that 73% of the health systems they surveyed also have a business continuity plan in place. Unfortunately, if ransomware hits, the plans might not be enough.
If the best laid plans aren’t sufficient, what do hospitals need to do the most? A recent Varonis poll of healthcare IT professionals provides an answer: those infected by ransomware reported that the biggest change to their existing plans after the attack was to increase security education for employees.
You’re in luck!
We are delighted to offer this free video training course with noted security researcher Troy Hunt, who covers everything you need to know about ransomware.
Also, our ransomware guide for hospitals is worth your while.