I tried to sign into my MyScripps account a few weeks ago only to discover that the site was down. I discovered that the entire Scripps Healthcare system had been hacked. Over the next few weeks, Scripps said very little, except that they were working on the problem. For weeks Scripps had no medical records, and everything was done on paper, the old fashioned way. Anyone who was critically ill was in deep trouble. No records of their health history were available, and many patients had to be transported to other hospitals for treatment. A 40 year veteran of nursing told me that the week after the cyber attack was the worst time in her career.
Ransomware isn't new. It's a form of malware that can lock up networks and deny access to business-critical data unless the victim pays a ransom-often in bitcoin and often millions of dollars-to the attackers. Ransomware attackers are preying on businesses now because of the transition to remote work and the uncertainty caused by the pandemic. Healthcare companies are often exploited, but any business, large or small is a potential target.
Should the ransom be paid? Law enforcement officials say that if there is any other way to handle it, ransom should not be paid. Paying a ransom does not guarantee return of the stolen data. Companies in general need to practice good cyber hygiene. Many companies don't do a good enough job, so networks must be made secure.
More than 300,000 victims in over 150 countries fell victim to ransomware over the course of one weekend, with businesses, governments, and individuals across the globe affected. The hackers are sometimes criminal organizations, sometimes countries. Many of the companies reside in Russia, although they are not the government itself.
Ransomware is like Covid-19, always evolving, with new variants continually appearing in the wild and posing new threats to businesses. It seems to me that protecting information should be a top priority for government agencies and businesses alike. We have the technology to make computers secure. Now we just have to spend the money to implement it.
No comments:
Post a Comment