Network SecurityData Backup and Recovery Saved this Hospital from Paying the Ransom

A Hospital in Henderson, Kentucky is the second victim of a ransomware attack in the last two months. The first attack using the same ransomware, called Locky, took place in California several weeks ago. The hospital was locked out of its network for 7 days and forced to pay $17000 in bitcoin to regain access. Henderson’s Methodist Hospital experienced a  network security breach beginning Friday, when an employee opened a spam email attachment that slipped through the spam filter. Their network was shut down for 4 days and ransomed for $1600. They have stated that they were able to regain control without paying the money due to a robust and well tested backup and recovery plan. Here are some details according to Threatpost.com:

The attack began last Friday and lasted for four days. Officials at the hospital told a reporter at a local news station on Monday their system was “up and running.” Unlike Hollywood Presbyterian, which reportedly paid $17,000 to get its files back, Methodist officials claim not to have paid.

The hospital’s chief operating officer David Park told 14 News last Friday that the attackers copied patients’ records, encrypted them and deleted the originals, a pattern of activity that resembles Locky. As is customary with attacks of this nature, Park acknowledged the hospital was working with the FBI and that it activated a backup of its system shortly after the attack started.

According to Reid, the ransomware quickly managed to spread from one machine to the entire network, something that forced the hospital to take all of its computers offline until it could scan each one for the ransomware.

For what it’s worth officials at the hospital told 14 News’ Jessica Gavin that in the wake of the attack they’re restructuring their network and starting an employee training program to prevent future virus outbreaks. While hospitals have increasingly found themselves targets for ransomware over the last few months, Lawrence Abrams, a computer forensics expert and founder of BleepingComputer.com, doesn’t think attackers are singling out them out in particular. “I do not believe at this time that the ransomware developers and distributors in these stories are actually targeting hospitals. They are instead looking for vulnerable sites to hack in order to spread ransomware and hospitals that were infected did so by user error,” Abrams wrote Tuesday.

Attacks like these are becoming more common. The hackers are constantly evolveing their techniques and it is more important than ever to evolve with them. Having a throrough data security package with robust IT Support is crucial to protect your vital data. Is your network protected? Let the staff at Great Lakes Computer help you make your network the most secure it can be.

Learn more about our Data Security Product Suite