There are significant risks when hospitals pay the ransom in a cyberattack, security experts say.
Hundreds of hospitals and health systems have suffered cyberattacks in recent years, and many have agreed to pay the ransom. Federal authorities and most cybersecurity experts advise organizations against paying ransom demands, arguing that they encourage additional attacks and reward criminal groups.
In our special report, “Paying the Ransom,” Chief Healthcare Executive® interviewed several leading cybersecurity experts about the dilemma.
Experts acknowledge hospitals face hard decisions if ransomware gangs have locked up their electronic health records or stolen private patient data. While paying a ransom to protect patients may be the only option for some health systems, cybersecurity experts say hospitals must be aware of the potential problems.
“Even if you pay the ransom, it is not a guarantee that you’re going to get the data back and it’s going to be successful,” says Crane Hassold, a cybersecurity consultant.
Ransomware gangs could ask for more money even after a ransom is paid, experts say. Hassold and other experts say even if the ransom is paid, it could take weeks to recover data and restore systems.
Patterson Cake, a cybersecurity consultant for Avertium, says, “I hate to reward the villains.”
Cake says there are circumstances where it’s understandable that some systems make the call to pay the ransom to protect patients. But he says he’d rather hospitals focus on building their defenses.
Lee Kim, the senior principal of cybersecurity and privacy for HIMSS, says she doesn’t advise health organizations to pay the ransom. Still, she says, “Different organizations a ..
Support the originator by clicking the read the rest link below.
