Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Capstone Works Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Austin Cyberattack Proves Just How Disruptive Ransomware Can Be

Austin Cyberattack Proves Just How Disruptive Ransomware Can Be

Earlier this month, a local healthcare system comprising dozens of Austin-based hospitals, clinics, and other facilities suffered a cyberattack. We wanted to share some lessons that local business owners can learn from this situation, because a single attack like this can result in a snowball effect that can end up costing you a lot of time, money, and reputation.

The Story: Ascension Healthcare Network Suffered a Ransomware Attack

On May 8th, the healthcare network Ascension let patients know that they were working “around the clock” in order to restore systems after suffering from some sort of IT outage. Four days later, on the 11th, Ascension updated their patients to let them know that the incident was a ransomware attack.

Since it happened, staff and patients of the massive healthcare network, which has employees and facilities across 19 different states, have been feeling the impact. Care has been much slower than usual, and staff have had to go back to pen and paper to record things.

In an article on KVUE that covered the initial cyberattack a couple of weeks ago, a patient named Adam, who was at a hospital in Round Rock for having a crushed leg with three broken bones in his ankle, said, “Every doctor, PA [physicians assistant] has expressed how frustrating it is. Just, nothing's working, nothing's getting done… It's frustrating and scary and, frankly, I would not have come to this hospital if I knew that this is what I was going to be going through."

I’d hate to be in that situation as a patient—I think we all would—and this is something happening all across the Midwest for hospitals within this particular healthcare system. 

On top of that, since we’re talking about healthcare and medical records, there is a huge risk of data theft and exposure when it comes to cyberattacks. We’ll get to that in a moment. 

How Can a Ransomware Attack Take out a Hospital Network (or Any Business, for that Matter)?

Ransomware is currently one of the most common types of cyberattack. It’s essentially a piece of software that quickly spreads across a single device or network, staking claim to all of the files and data it can. It physically changes all of your data and encrypts it, meaning you lose access to your data. It’s still there on your devices, but it’s inaccessible to you, and you can only get access to it again if you have a big, complex encryption key; essentially a kind of password that the ransomware will then offer to sell to you.

The ransom can vary, but it can be anywhere from hundreds of dollars to hundreds of thousands of dollars. The highest recorded paid ransom sum reported was $40 million. It’s unethical and, in many ways, fruitless to simply pay the ransom, too. If an organization pays the ransom, they are only perpetuating the issue, and the cybercriminals likely already have a way in and can simply take the money and cause more damage.

The thing about ransomware is that it’s just ransomware. The havoc that this attack is causing isn’t from some highly specific, highly targeted campaign to take down the Ascension healthcare system (as far as we know at this time). It’s simply ransomware. It’s the same kind of ransomware that any individual or organization could get.

We’re hearing about this attack because it’s affecting healthcare facilities spread across 19 states. It’s affecting a huge number of patients and staff and that of course gets media attention. You don’t hear about ransomware attacks that cause local law firms or manufacturers or other small businesses to file for bankruptcy or lay off employees or skip Christmas bonuses, because it’s at a much smaller scale.

Ransomware is disruptive, and once it hits you, it does serious damage to your business. It can cripple your business and hurt employee morale and destroy your reputation with your customers.

What Do We Know About This Particular Type of Ransomware:

While there isn’t a lot of information about the attack so far, reports indicate that the ransomware used was something called Black Basta. Black Basta is a type of ransomware known as ransomware-as-a-service. Essentially, the creators of Black Basta sell the ransomware to hackers and cybercriminals. It’s a piece of software that someone can simply purchase and then distribute. The barrier to becoming a cybercriminal and causing massive damage to an organization is simply the cost of buying the rights to use the ransomware, which starts at about $100.

Let’s get back to the attack on Ascension.

Going Back to Normal After a Ransomware Attack is Extremely Challenging

Since the attack involves healthcare data, and likely because Ascension is attempting to do as much damage control as possible, we don’t know if Ascension paid the ransom or not. We know it has been disrupting business as usual, and patients are absolutely feeling it. According to the hospital in Round Rock, there is no timeline for when the hospital will return to normalcy.

On top of that, a former patient has filed a class action lawsuit, claiming that her personal information was leaked during the attack. Multiple agencies, including the FBI, are investigating the attack. The lawsuit is making claims that sensitive healthcare information wasn’t properly encrypted. 

It’s a whole mess, and if that’s the case, the ransomware attack will have uncovered unrelated violations to compliance standards, which just gives the massive hospital network even more to deal with. It’s not good, even if they were doing everything properly and above board.

Any Business, Big or Small, Can Suffer This Fate

We can’t stress this enough; cybersecurity isn’t just a problem for the big corporations. It can and does affect everyone. Your business doesn’t need to have a target on its back, it doesn’t need to be a certain size, and it doesn’t need to deal with a particular type of information or make a certain amount of money. Ransomware is agnostic to its victims.

All organizations need to have proper measures in place to defend against, and mitigate ransomware attacks. This involves taking a multi-step approach. We help Austin-based businesses meet and maintain regulatory compliance standards, as well as defend themselves against the growing risk of cyberattacks. 

Don’t wait until it’s too late, give Capstone Works a call at (512) 343-8891 to get started.

Alert! Watch Out for Zero-Day Exploits Like These
Everything Business Owners Need to Know About AI
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 07, 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Microsoft Office Shadow Microsoft Teams 2FA Workplace Tips sports teams business continuity cybersecurity Computer Health smart devices Remote Managed Services Common password content best practices Malware Workplace Strategy Security Two-Factor Authentication 365 features Cloud computing Cloud Communications Mobile Office Outsourced IT high-threat environment Current Events SCAMS Data Recovery IT support Passwords today Privacy application employees download Clutch Ransomware Tip of the Week Network Security Hardware IoT Hosted Solutions Server January 28 web application AutoCAD right time Data Passwords Co-managed IT Cyberattack Users Small Business Technology Password password protection Microsoft Office 365 employees Innovation Cloud Computing Broadband File Folder Remote Work Network Gadgets Managed Service Best Practices Vendor surge protection Data Privacy Day Internet AI BDR Social Media phishing Marketing UPS Business Cybersecurity Servers Microsoft COVID-19 Efficiency Architect IT cybersecurity tools Quick Tips AWS User Tips Windows Productivity Break/fit Content Filtering New Year Disaster Planning devices Remote Workers accounts need cloud Backup Business continuity Workplace Strategies IT Services business owners spam IT Support Cloud services Saving Money Managed IT media accounts Communication Software Delightful Disaster Recovery Recovery Engineering Tech Support HIPAA EMR comprehensive IT Saving money Email managed IT VoIP Apple business Compliance hackers Business Continuity

Latest News & Events

Capstone Works is proud to announce the launch of our new website at https://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works can do for your business.

Call Us Today
Call us today
(512) 343-8891

715 Discovery Blvd
Suite 511

Cedar Park, Texas 78613