An Indiana healthcare organization (HCO) has the dubious honor of becoming the first in 2018 to be forced offline by ransomware.
Hancock Health suffered the attack at around 9.30 pm last Thursday, local time, the HCO revealed in a statement yesterday.
The amount of Bitcoin demanded and the type of ransomware used are at present unknown. However, local reports at the time claimed that the entire network was affected – including 20 physician offices, wellness centers, hospitals and other facilities – forcing doctors, nurses and admin staff back to using pen and paper.
The HCO appears to have recovered remarkably quickly from the incident, presumably restoring from back-ups.
Its statement continued:
“Through the effective teamwork of the Hancock technology team, an expert technology consulting group, and our clinical team, Hancock was able to recover the use of its computers, and at this time, there is no evidence that any patient information was adversely affected. Hancock is continuing to work with national law enforcement to learn more about the incident. We plan to provide additional information to our community regarding this act soon.”
HCOs are thought to be particularly vulnerable to ransomware, given their large number of diverse endpoints and users, sometimes poor levels of cybersecurity, and the criticality of IT systems.
The NHS was famously hit hard by WannaCry in May 2017, with an estimated 19,000 operations and appointments cancelled as a result.
“As all good healthcare professionals know, prevention is better than treatment,” argued Infoblox technology director, Gary Cox.
“All organizations must ensure that their security measures are up to scratch: from having all software patched and up-to-date and making sure users observe best practice, to deploying DNS effectively as an enforcement point to block ransomware.”
McAfee chief scientist, Raj Samani, added that the cybersecurity industry needs to improve its response to attacks on public services through better threat intelligence sharing.
“Traditionally many companies see their intelligence as a way of gaining a competitive advantage. However, as the amount of disruption continues to increase, 2018 needs to be the year where intelligence sharing after a successful attack becomes the norm,” he argued.