Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

2/19/2016
11:00 AM
Andrew Hay
Andrew Hay
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
100%
0%

Adding Up The Total Costs of Ransomware

It's a lot more than just the ransom. We did the math.

You may have already heard about the $17,000 ransom that Los Angeles-based Hollywood Presbyterian Medical Center paid to regain control of their systems after the news broke Feb. 12. Time the news broke to the time the ransom was paid: four days. It may have started days before the news leaked but, for the sake of this blog post, we’ll assume four days total.

According to the American Hospital Directory, Hollywood Presbyterian had $974,387,384 in revenue and $20,979,948 in net income for 2015. If we divide both figures by 365 days we see that the hospital takes in roughly $2.7 million in revenue and generates $57,479 of net income per day. It was noted in several reports that long delays were experienced by patients and that medical information was being shared via phone and fax between doctors.

Let’s assume a 5% attrition per day for patients that decided to go to another hospital instead of dealing with the degraded experience. That’s a very conservative estimate, resulting in only 1.3 patients leaving per day, based on the 12,291 reported discharges in 2015. Hollywood Presbyterian is not the only hospital nearby. In fact, the Kaiser Permanente Los Angeles Medical Center is only 0.3 miles away (a 6-minute walk according to Google Maps) so our attrition rate is likely a conservative figure.

Our estimates show that Hollywood Presbyterian, with an attrition rate of 5% for the affected days, could have lost as much as $533,911 in revenue. This would have resulted in roughly $11,496 in net income losses.

Even using extremely casual attrition estimates of 1% still shows a meaningful impact on both revenue and income coming in at $106,782 and $2,299, respectively. 

As you can see, the reported $17,000 ransom was not the only expense incurred by Hollywood Presbyterian. These are, however, rough estimates. The estimates do not quantify the damage to the hospital’s brand and reputation, nor will it account for the reactionary investment in new security technologies that the hospital will undoubtedly be purchasing and implementing. The estimates also do not factor in the employee costs associated with diagnosing and addressing the issues during the incident.

And then there is the way the medical personnel exchanged information -- phone and fax. It’s with a high degree of confidence that some personally identifiable information (PII) and non-public information (NPI) was shared using these "traditional-non-traditional" methods of information exchange. As the organization likely digitizes nearly all of its data transmissions, what is the likelihood that some PII or NPI was exposed over the four-day period? I would argue that the likelihood is higher than usual and higher than what HIPAA and HITECH would deem compliant. I would not be surprised if the fallout of this event echoes for months to come. 

Andrew Hay is the CISO at DataGravity where he advocates for the company's total information security needs and is responsible for the development and delivery of the company's comprehensive information security strategy. Prior to that, Andrew was the Director of Research at ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2729
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
CVE-2019-3737
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3787
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
CVE-2019-12900
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12893
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.