Back in February 2016, it was reported that Hollywood Presbyterian Hospital had become the latest high-profile victim of a cyber-attack. Hackers had gained control of the hospital’s network and encrypted all patient records. Doctors and staff were also prevented from utilizing their email applications and had to rely on instead upon fax, phone or face-to-face communication. While hospital representatives stated that the quality of patient care had not been affected, others voiced their frustration over the inability to access health records and test results in the timely manner to which our modern healthcare industry has become accustomed.
The method of attack in this case was a form of Ransomware. Ransomware has existed for several years, with the number of attacks escalating yearly. Recently, hackers have shifted their focus away from individuals to large corporations. Why? If an individual is willing to pay $300 in bitcoins to recover their data, then surely a large company would be able to pay out much, much more. In the case of Hollywood Presbyterian, it was initially reported that hackers were seeking $3.4 million dollars worth of bitcoins. The actual amount paid, $17,000, was considerably lower, but still illustrates a perilous precedent.
In truth, any company can be a victim of a ransomware attack. All it takes is a seemingly harmless or everyday email with an attachment. At first glance, everything appears normal but it is actually carrying an executable program that in turn encrypts files and the only way to get the key to unlock the encryption is to pay the ransom. This is likely why hospital officials considered the attack to be random rather than malicious.
So, what can corporations and institutions do to safeguard against these kinds of attacks? One of the first lines of defense is the authentication system. By moving towards risk-based profile authentication or layering authentications, companies can make it harder for a hacker to go unnoticed. Other recommendations include backing up corporate data, taking advantage of cloud storage and redundancy, plus keeping antivirus and anti-malware software up-to-date.
RenovoData is a leading regulatory-compliant, cloud data protection IT services company. Our solutions range from File and Database Backup, Server Recovery, Disaster Recovery as a Service (DRaaS), Custom Cloud Hosting and Consulting solutions for on-premises and hosted environments.