In a previous article, we discussed a cyberattack levied against a hospital that basically locked medical staff out of their computer systems. The Hollywood Presbyterian Medical Center in California was hit with a ransomware attack, a terrible event that has finally concluded with the hospital having to pay the cybercriminals.
Although many sources, such as Newsweek, reported that the criminals were demanding more than $3 million, this has since been proven to be false. The actual number was around $17,000, according to a letter published by the hospital's CEO and president, Allen Stefanek.
While seeing a hospital getting back to the duty of healing those in need is certainly a good thing, paying this hacker or group of hackers might be setting a dangerous precedent. Cybercriminals have known for a long time that medical records are extremely valuable, but this most recent event is showing them that they don't even need to gain direct access to these documents necessarily to make money off of them.
Can more hospitals expect ransomware attacks?
Even though Hollywood Presbyterian Medical Center had little choice in the matter – what's $17,000 compared with the inability to heal the sick? – this action is telling the online underworld that hospitals are ripe targets for ransomware attacks. According to "sources familiar with the investigation" cited by Ars Technica, the most likely culprit for this attack was a phishing scheme. This kind of scam generally involves a hacker sending out a massive number of emails with links inside that contain malware. This malware then goes on to infect the individual's computer.
While there isn't any solid evidence that phishing was definitely behind this particular attack, it certainly wouldn't be surprising. Chris Hadnagy, CEO of security consulting firm Social-Engineer, has stated that only around 7 percent of companies train their employees about phishing. A lot of people simply don't know about this kind of hack, and this lack of education can very easily translate to an infected system if a worker happens to open the wrong email. If so many organizations don't focus on scams such as phishing, an attack similar to the one that befell Hollywood Presbyterian Medical Center could happen again.
"Hackers would rather send out mass emails than mass faxes"
FoIP is a reliable means of communication
Although education is the place to start if organizations wish to avoid the most basic of cyberattacks, such as phishing-based ransomware campaigns, it's also worth noting that this hospital fell back on faxing when email and other forms of communication were failing it. Fax over IP, the next step in faxing's evolution, is an incredibly secure means of document transfer.
Not only is it generally safe from phishing attacks – hackers would rather send out mass emails than mass faxes – it's HIPAA compliant as well. And with FoIP's amazing archiving capabilities, a medical facility can access certain records sent by the system, thereby helping to mitigate the damage of a ransomware attack.
Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their 'Partly-Cloudy' fax solutions.