
Ransom Attacks are Increasing

I have been hearing more and more stories like the one in the linked article. Hackers break into a dental office computer system and isolate all the practice data with an encryption program. The dentist has no access to their own practice data and needs to pay a ransom to get it back.

A Burnsville dental office has fallen victim to two costly cyber attacks in the last week. However, instead of having their bank accounts robbed, the hackers demanded they pay a “cyber ransom” after blocking the office’s access to its own patient database. The first ransom demand was on July 8, when $1,000 was demanded, followed by another demand for $600 on July 12.

Source: Dentist hit by cyber ransom twice in Burnsville, Minn. – KMSP-TV

The article has some nonsense in it about government mandates and other irrelevancies. (The comments are worth reading.) However, the basic problem of database ransom is happening and it can be devastating. What the article fails to mention, but is brought up in the comments, is that the doctor surely has a HIPAA data breach violation as well. If someone steals your database, you are guilty of a violation even when you are in fact the victim.

There are several steps the dentist could and should have taken to protect himself and his patients. However, the easiest is to have the data backed up automatically multiple times a day online using a professional-level service. Off-site online backup should not only copy the data files; it should also make redundant copies stored in multiple locations, be HIPAA compliant, and have state-of-the-art anti-malware systems in place.
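The backup criteria above (several runs a day, redundant copies in more than one location) can be checked automatically. The following is an added example, not code from the original post or from any backup service; the 8-hour threshold, the two-location minimum, and the file names are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile
import time

MAX_AGE_HOURS = 8  # assumption: "multiple times a day" read as at least every 8 hours
MIN_LOCATIONS = 2  # assumption: "multiple locations" read as two or more


def sha256_file(path):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backup(copies, now=None):
    """Check one backup set; `copies` holds one file path per storage location.

    Returns a list of findings. An empty list means the set passed.
    """
    now = time.time() if now is None else now
    present = [p for p in copies if os.path.isfile(p)]
    findings = [f"missing copy: {p}" for p in copies if p not in present]
    if len(present) < MIN_LOCATIONS:
        findings.append(f"fewer than {MIN_LOCATIONS} copies available")
    for p in present:
        age_hours = (now - os.path.getmtime(p)) / 3600
        if age_hours > MAX_AGE_HOURS:
            findings.append(f"stale copy ({age_hours:.1f} h old): {p}")
    # Redundant copies of the same backup run must be byte-identical.
    if len({sha256_file(p) for p in present}) > 1:
        findings.append("copies differ: at least one is corrupt or was altered")
    return findings


if __name__ == "__main__":
    # Constructed sample: two directories stand in for two storage locations.
    paths = []
    for site in ("site_a", "site_b"):
        path = os.path.join(tempfile.mkdtemp(prefix=site), "practice.bak")
        with open(path, "wb") as f:
            f.write(b"constructed practice data")
        paths.append(path)
    os.utime(paths[1], (0, 0))  # make the second copy look decades old
    for finding in audit_backup(paths) or ["backup set passed"]:
        print(finding)
```

A passing audit shows the copies are recent and agree with each other; it does not show that the data restores, so a periodic test restore is still needed.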

Wikipedia:

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion, a threat originally envisioned by Adam Young and Moti Yung), while some may simply lock the system and display messages intended to coax the user into paying.

via Ransomware – Wikipedia, the free encyclopedia.
