$3.6+ Million Dollar Security Mistake


 

CSOOnline.com Reports Hackers take Hospital Offline.

Steve Ragen of the CSOOnline.com is reporting that Hollywood Presbyterian Medical Center is down due to a CryptoLocker Ramsomware attack.  The hospital has been down for over a week, and they have declared an internal emergency.


What are the takeaways?

There are two major items looking from the outside in.  First, the hospital did not put in place security layers that would prevent or mitigate this type of intrusion to their network.  At minimum there was not a plan to stop the spread of the infection further to other machines and systems.  Thus, making the impact larger.


Second, where are their backups?  If you can't stop the infection then you have to have valid backups and restoration procedures to get up and running again.


What is the real cost?

The report is saying ~$3.6 Million Dollars.  When you add in the much harder to calculate soft cost like not being able to service your customers for over a week the cost goes up exponentially.  I am sure the CEO is wishing they has spent more on the IT budget to provide better security, and backups to their facilities.  Hindsight is 20/20, but there are some lessons here for all of us to learn.


Update:

LATIMES.com is reporting that a Ransom of $17,000 in bitcoin has been paid.  It becomes clear that this site did not have a restorable backup.  What is your backup policy?  If you have any questions about your current setup, please give us a call.