Buffalo hospital spends $10M to recover from ransomware

NY Hospital sinks $10M to rebuild systems after ransomware hit

Ransomware took over Erie County Medical Center’s (ECMC) computer systems in April 2017. The malware corrupted the systems completely, and the hackers demanded $30K in ransom. Interestingly, the medical facility spent approximately $10 million to rebuild its systems instead. Roughly half of those funds covered hardware, software, and consulting services to rebuild the systems. The remaining $5 million, a staggering sum, was allocated for damages resulting from the ransomware attack, such as:

  • lost productivity
  • lost revenues
  • overtime pay for system recovery

According to The Buffalo News, an additional $400,000 will be spent monthly to enhance the facility’s cyber security. However, with cyber security threats growing, many have adopted a misconception: the more money and resources are spent on security, the better the protection one gets. The correlation just isn’t there. Regardless of how much money is spent on protection, an organization can still be infected unless it finds the right balance of security, backup and ongoing education.

  • Security: Antivirus software should be considered essential for any business to protect against ransomware and other risks. Ensure your security software is up to date to protect against newly identified threats. Keep all business applications patched and updated to minimize vulnerabilities.
  • Backup: Modern total data protection solutions take frequent, snapshot-based incremental backups to create a series of recovery points. If a business suffers a ransomware attack, this technology allows you to roll back the data to a point in time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point in time before the ransomware infected your systems, you can be certain everything is clean and the malware cannot be contracted again.
  • Education: Ongoing education is essential to protect your business from ransomware. It’s critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure. It’s also a good idea to conduct formal training sessions to inform staff about the risk of ransomware and other cyber threats.
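
The roll-back described in the Backup item depends on picking the right recovery point, so here is an added example (not from the article or from any backup product) that selects the latest point taken before both the first sign of mass encryption and a known infection time. The `RecoveryPoint` fields, both thresholds and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Optional, Sequence

@dataclass(frozen=True)
class RecoveryPoint:
    taken_at: datetime
    files_changed: int   # files modified since the previous recovery point
    mean_entropy: float  # mean Shannon entropy of the changed data, bits/byte

# Assumed thresholds (not from the article); tune against your own backup history.
ENTROPY_LIMIT = 7.5  # encrypted data sits close to 8 bits per byte
CHANGE_FACTOR = 10   # changed-file count relative to the median of earlier points

def first_corrupted(points: Sequence[RecoveryPoint]) -> Optional[RecoveryPoint]:
    """Earliest point whose changes look like mass encryption (expects time order)."""
    for i in range(1, len(points)):
        baseline = max(median(p.files_changed for p in points[:i]), 1)
        p = points[i]
        if p.mean_entropy >= ENTROPY_LIMIT and p.files_changed >= CHANGE_FACTOR * baseline:
            return p
    return None

def restore_point(points: Sequence[RecoveryPoint],
                  infected_at: Optional[datetime] = None) -> Optional[RecoveryPoint]:
    """Latest point taken before both the corruption and the known infection time."""
    ordered = sorted(points, key=lambda p: p.taken_at)
    cutoffs = [] if infected_at is None else [infected_at]
    bad = first_corrupted(ordered)
    if bad is not None:
        cutoffs.append(bad.taken_at)
    if not cutoffs:                      # nothing suspicious: newest point is fine
        return ordered[-1] if ordered else None
    clean = [p for p in ordered if p.taken_at < min(cutoffs)]
    return clean[-1] if clean else None  # None: no point predates the incident

# Constructed sample: hourly recovery points, encryption visible from 04:00.
SAMPLE = [
    RecoveryPoint(datetime(2024, 1, 1, 0), 120, 4.1),
    RecoveryPoint(datetime(2024, 1, 1, 1), 95, 4.3),
    RecoveryPoint(datetime(2024, 1, 1, 2), 110, 3.9),
    RecoveryPoint(datetime(2024, 1, 1, 3), 105, 4.0),
    RecoveryPoint(datetime(2024, 1, 1, 4), 8400, 7.9),
    RecoveryPoint(datetime(2024, 1, 1, 5), 15200, 7.95),
]

if __name__ == "__main__":
    print(restore_point(SAMPLE))
    print(restore_point(SAMPLE, infected_at=datetime(2024, 1, 1, 1, 30)))
```

Passing `infected_at` matters because encryption often starts well after the initial infection; a point that predates only the encryption can still contain the malware.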

 
