Comments
Healthcare Organizations Must Consider The Financial Impact Of Ransomware Attacks
ba956,
User Rank: Apprentice
4/13/2016 | 12:57:29 PM
Re: Healthcare Ransomware attacks
If we assume that a healthcare entity is offline for a calendar week, how many surgeries or other procedures were delayed, rescheduled, or transferred due to the absence of the supporting electronic health record?

Who is liable when the patient's health is further compromised because they did not receive the proper procedure/care at the right time?  

Operating premise is that the healthcare entity pays the ransom, and gets the data back. If the data is modified and the patient's health is compromised as a result of incorrect/inaccurate information in their E.H.R, who assumes liability? Who validates the integrity of the data following a recovery from the ransomware attack?

Most hospitals have standby procedures which they fall back on during a major IT outage. Older physicians came of age in a pen & paper world and can generally switch back to paper-based notes, orders, and patient records. But younger docs are generally clueless in this regard. They have always worked in the E.H.R and digital environment - they never had the pen & paper experience. So their success is dependent on regular training and drills.

Some hospitals keep their standby procedures on the computer/network. This makes for tough sledding when you're off the network or down to minimal electrical power.

 
Bronchae,
User Rank: Apprentice
4/8/2016 | 5:26:01 PM
Healthcare Organizations exposure to Ransomware
Very good point on Ransomware for Healthcare. I appreciate the updated true cost calculations. Your warning should be heeded or the number of real world examples will continue to increase.

 

LordC623,
User Rank: Strategist
4/7/2016 | 5:50:59 PM
PR
You forgot to mention the public relations cost. 

