Ransomware events are all around us. What should you do if you think your organization is under attack? Below is an example of how quick thinking and preemptive action made the difference between containing a hack and helplessly watching it spiral out of control. 

The Situation

Jackson Hospital’s emergency room in Florida reported that it couldn’t connect to the charting system that doctors use to look up patients’ medical histories. Jamie Hussey, Jackson Hospital’s IT director, realized that the charting software, which was maintained by an outside vendor, was infected with ransomware. He made a bold decision: to shut the IT systems down immediately.

The entire hospital temporarily switched to downtime procedures. Staff ditched the electronic records and reverted to pen and paper to keep the hospital up and running. Most importantly, patient care wasn’t disrupted.

The Fallout

A few days after the event, systems are slowly coming back online. Working with a cyberattack provider, the hospital’s IT team is sifting through the files to assess the damage. The situation could have been far more serious had decisive action not been taken immediately. Shutting the systems down was the best way to secure the network.

The ransomware found on the charting system is known as Mespinoza, which is spread using RDP brute-force attacks. Once a network is breached, it uses tools like Mimikatz and PsExec for lateral movement.

The group relies on a MagicSocks tool based on the open-source software Chisel, which can pass through firewalls to create tunnels for continued remote access.

It will take weeks to determine the extent of the damage to the hospital’s IT systems. The hospital doesn’t want to pay a ransom to get its data back.

Lessons Learned

Don’t think a cyberattack can’t happen to your business. Despite the ongoing pandemic, healthcare organizations are particularly vulnerable to hacks.

According to a Comparitech report, 560 healthcare organizations were victims of ransomware attacks in 2020. These attacks cost $20.8 billion in downtime in 2020, double the amount from 2019.

Recovery Point helps organizations recover quickly from cyberattacks. Our multi-layered air-gapped backup and disaster recovery strategies are the winning combination that protects organizations against paying ransoms if data is compromised.

If data can be accessed on a network, a hacker can attempt to ransom it. The solution is air gapping. This process creates periodic “air gap” copies of data on tape or other offline media, storing them offsite so they are inaccessible via your network. Another air gap option is cloud-based immutable object storage, which establishes another layer of protection. Don’t delay – learn how to protect your data. Contact Recovery Point today.

Read more about the Florida hospital ransomware attack: How quick thinking stopped a ransomware attack from crippling a Florida hospital – CNNPolitics
