Hancock Health in Indiana was attacked in 2018. They chose to pay a $50,000 ransom and were back up fairly quickly. However, complying with criminals may encourage them in further attacks.
University of Vermont Medical Center suffered an attack in 2020. They decided NOT to pay.
Systems were down for weeks, and the recovery process took nearly 3 months. Hundreds of employees were furloughed during that time. The cost to recover was between $40 - 50 million. All PCs and servers had to be wiped and rebuilt.
It’s a tough choice deciding whether or not to pay. And there’s no guarantee that even if you fork over the ransom, the hackers will keep their word and restore your data.
Lessons learned included:
❖ When an attack is underway, immediately disconnect computers from the network -
but don’t turn them off, you may not be able to turn them back on.
❖ Essential information, including contact information, should be duplicated off network.
❖ Make sure people know how to use back-up processes.
❖ Collect alternative contact information for key personnel, in case hospital system email / phone is inaccessible.
❖ Make a communication plan.
❖ Special lessons for libraries: Encourage users to set up personal accounts with our databases. Maintain core textbooks in print. Rely on interlibrary loan partners in a crisis.
The main takeaways: Be vigilant, be prepared, and practice.
Ascension Technologies provides instructions on what to do if you are hacked on their Cybersecurity page: https://gdaintranet.ascension.org/technology/cybersecurity.
* Special Thanks to Jennifer Barlowe, Clinical Librarian at Ascension Borgess in Michigan, for providing this review and lessons learned for this timely webinar.
No comments:
Post a Comment