We are seeing this a lot, and this situation is one that seems to be cropping up over and over again.
“The ransomware attack encrypted electronic files at the Tuscaloosa, Northport and Fayette hospitals, forcing staff to use a manual paper system to track patient data. All but the most critically ill or injured new patients have been sent to hospitals in Birmingham or Mississippi. Care of the existing patients was not compromised, officials said. New patients will continue to be diverted at least through the weekend, and there’s no timetable of when the system will be restored.”
I don’t know about you, but I’m seeing a bunch of stories like this, involving the healthcare and educational industries, and I think it makes perfect sense. There are two things that I think make both of those areas ripe targets for ransomware.
1. They are typically underfunded when it comes to technology and staff resources to monitor and maintain their technology infrastructure.
2. The hold a lot of personal information, and are required to keep it private. This means they are less likely to take advantage of cloud services like Office365 or AWS. Their data is likely kept onsite for privacy reasons, with no cloud backups, so if you can get ransomware in, you’re likely encrypting all of the available copies right there on the local network. Especially in smaller, and poorer, communities.
What do we do to provide better tools to fight these for kinds of places and for them to get back to treating patients?