Lessons Learned From Another Ransomware Attack

Earlier this month I commented on a Los Angeles hospital’s computer system that was taken over by hackers, and the criminals demanded a ransom payment in bitcoin to release the electronic medical records. The hospital ended up paying the ransom in 40 bitcoins (approximately $17,000), as demanded by the criminals. In that post I shared some technical advice from the Office of Civil Rights and the FBI to combat the risk of having your electronic records held for ransom.

There has been another news story about a ransomware attack, this time involving a hospital in Kentucky. At least two things are noteworthy about this recent attack:

  • The hospital regained control of its records – without paying the ransom (bitcoin was again demanded)
  • The virus was sent in a malicious email to an employee

The second point triggered what my IT team always says: viruses cannot get in themselves – they have to be let in by employees. So I wanted to remind folks of the simpler, less technical advice that may get forgotten:

  • Never open an attachment unless you know what it is, and you trust the sender.
  • Never click on a link in an email message unless you know where it points, and you trust the sender.
  • Never install software without confirming with IT that it’s OK to do so.
