That’s a scary headline. You can read the whole article here. Thankfully, Hollywood Presbyterian Hospital can now access its electronic medical health records and return to its mission of treating patients. But make no mistake, this headline will appear again as hackers develop new tools to access information and target businesses and institutions. The ransom demands will escalate, and private information, potentially your private information, will be at risk. Whether or not you are in the IT industry, this event should make you cringe... maybe even have a panic attack.
As a former CTO of a healthcare institution, this situation is a nightmare scenario for the IT department. How do you even start to explain how this happened? The board and your patients will be asking: Why didn’t you have everything in place to stop it? How did you not know it was happening until it was too late? What information was compromised? How much is it going to cost outside of the ransom to repair? The answers may be uncomfortable to say and even harder to hear.
So, it begs the question: Should the hospital have paid the ransom or not? What would you have done if you were in their shoes? It’s a tough discussion to have when you don’t know what that organization had in place to protect itself. Maybe they had all the right things: a good firewall, USB mass storage device lockdown, up-to-date endpoint signatures, no administrative-level access to local computers in the organization. But think about your own systems and your own environment. You may think you have all the right defenses, but what if you don’t? If you get hacked and they hold the keys, what do you do? Remember, time is of the essence if someone else has the keys to your kingdom.
This discussion isn’t limited to healthcare. This is just an example of something that could happen to any industry or business. The very same thing happened to a police department. Are you prepared to be honest regarding your company’s weaknesses and take a new approach? What will it take for your company to realize that this is the new reality? Cyber-ransom is only going to grow.
But it’s not all doom and gloom. Focusing on all levels of cybersecurity protection, workforce training, and risk analysis and management will enable businesses to better withstand attacks and reduce vulnerabilities. Stay vigilant. Look at new technologies. Read the news. Learn from others’ mistakes. Don’t be the next headline.
~Andy Trogden, CTO