We all know the story: hospital gets hacked, their files are encrypted, they must pay a ransom to get the files back, so they pay the ransom, and everything turns out alright (except for the loss of thousands of dollars). Well, everything didn’t turn out alright for one hospital in Wichita, Kansas. Despite paying the required ransom, the hackers did not decrypt Kansas Heart Hospital’s files. Instead, they only got partial access to files and the hackers asked for more money, according to Extreme Tech.
Ransomware has been all over the place since last year, affecting individuals, small businesses, large corporations, government entities, and everyone in between. The latest report by the FBI showed $1.6 million lost by individuals and businesses due to ransomware in 2015. It is quickly becoming an epidemic.
Here’s how it works: Once your computer is infected with ransomware, your files (all of them) become encrypted and inaccessible. The only way to gain access to your files is to use the decryption key and the only way to get this key is to pay a certain sum of money to the perpetrators. It can cost between several hundred and several thousand dollars, depending on how big of a target you are.
And hospitals are huge targets. Hackers are taking advantage of healthcare organizations’ critical need for their data. For some hospitals, having access to files is literally a matter of life and death. If they haven’t properly backed up their files, they have no option but to pay the ransom if they wish to prevent downtime and continue seeing patients.
The president of Kansas Heart Hospital Dr. Greg Duick said that they paid the ransom which was “a small amount.” When they never received the decryption key, they were asked to pay a much larger amount of money. Since the investigation is still ongoing, Duick is unable to disclose the exact amount they paid.
Luckily, the hospital’s IT staff had a plan in place to minimize the damage that a ransomware attack could cause. Private patient data was never at risk to exposure and hospital operations continued as usual.
“The patient information never was jeopardized, and we took measures to make sure it wouldn’t be,” Duick said. according to Digital Trends.
However, either this plan did not include a proper backup system or the file backups were decrypted along with the original files (this can happen if both sets of files are stored on the same network). Files should be stored in at least three places: the original files, on a local external backup, and in an offsite cloud backup (such as Carbonite). Having a proper backup system in place will ensure that you won’t have to pay the ransom when ransomware hits your business.