Earlier this month, a local healthcare system comprising dozens of Austin-based hospitals, clinics, and other facilities suffered a cyberattack. We wanted to share some lessons that local business owners can learn from this situation, because a single attack like this can result in a snowball effect that can end up costing you a lot of time, money, and reputation.
On May 8th, the healthcare network Ascension let patients know that they were working “around the clock” in order to restore systems after suffering from some sort of IT outage. Four days later, on the 11th, Ascension updated their patients to let them know that the incident was a ransomware attack.
Since it happened, staff and patients of the massive healthcare network, which has employees and facilities across 19 different states, have been feeling the impact. Care has been much slower than usual, and staff have had to go back to pen and paper to record things.
In an article on KVUE that covered the initial cyberattack a couple of weeks ago, a patient named Adam, who was at a hospital in Round Rock for a crushed leg with three broken bones in his ankle, said, “Every doctor, PA [physician assistant] has expressed how frustrating it is. Just, nothing's working, nothing's getting done… It's frustrating and scary and, frankly, I would not have come to this hospital if I knew that this is what I was going to be going through.”
I’d hate to be in that situation as a patient—I think we all would—and this is something happening all across the Midwest for hospitals within this particular healthcare system.
On top of that, since we’re talking about healthcare and medical records, there is a huge risk of data theft and exposure when it comes to cyberattacks. We’ll get to that in a moment.
Ransomware is currently one of the most common types of cyberattack. It’s essentially a piece of software that quickly spreads across a single device or network, staking claim to all of the files and data it can. It rewrites your data in encrypted form, meaning you lose access to it. The data is still there on your devices, but it’s inaccessible to you, and you can only get access to it again if you have a big, complex encryption key: essentially a kind of password that the ransomware will then offer to sell to you.
The ransom can vary, but it can be anywhere from hundreds of dollars to hundreds of thousands of dollars. The highest reported ransom payment was $40 million. It’s also unethical and, in many ways, fruitless to simply pay the ransom. If an organization pays the ransom, they are only perpetuating the issue, and the cybercriminals likely already have a way in and can simply take the money and cause more damage.
The thing about ransomware is that it’s just ransomware. The havoc that this attack is causing isn’t from some highly specific, highly targeted campaign to take down the Ascension healthcare system (as far as we know at this time). It’s simply ransomware. It’s the same kind of ransomware that any individual or organization could get.
We’re hearing about this attack because it’s affecting healthcare facilities spread across 19 states. It’s affecting a huge number of patients and staff and that of course gets media attention. You don’t hear about ransomware attacks that cause local law firms or manufacturers or other small businesses to file for bankruptcy or lay off employees or skip Christmas bonuses, because it’s at a much smaller scale.
Ransomware is disruptive, and once it hits you, it does serious damage to your business. It can cripple your business and hurt employee morale and destroy your reputation with your customers.
While there isn’t a lot of information about the attack so far, reports indicate that the ransomware used was something called Black Basta. Black Basta is a type of ransomware known as ransomware-as-a-service. Essentially, the creators of Black Basta sell the ransomware to hackers and cybercriminals. It’s a piece of software that someone can simply purchase and then distribute. The barrier to becoming a cybercriminal and causing massive damage to an organization is simply the cost of buying the rights to use the ransomware, which starts at about $100.
Let’s get back to the attack on Ascension.
Since the attack involves healthcare data, and likely because Ascension is attempting to do as much damage control as possible, we don’t know if Ascension paid the ransom or not. We know it has been disrupting business as usual, and patients are absolutely feeling it. According to the hospital in Round Rock, there is no timeline for when the hospital will return to normalcy.
On top of that, a former patient has filed a class action lawsuit, claiming that her personal information was leaked during the attack. Multiple agencies, including the FBI, are investigating the attack. The lawsuit is making claims that sensitive healthcare information wasn’t properly encrypted.
It’s a whole mess, and if that’s the case, the ransomware attack will have uncovered unrelated violations of compliance standards, which just gives the massive hospital network even more to deal with. It’s not good, even if they were doing everything properly and above board.
We can’t stress this enough: cybersecurity isn’t just a problem for the big corporations. It can and does affect everyone. Your business doesn’t need to have a target on its back, it doesn’t need to be a certain size, and it doesn’t need to deal with a particular type of information or make a certain amount of money. Ransomware is agnostic to its victims.
All organizations need to have proper measures in place to defend against and mitigate ransomware attacks. This involves taking a multi-step approach. We help Austin-based businesses meet and maintain regulatory compliance standards, as well as defend themselves against the growing risk of cyberattacks.
Don’t wait until it’s too late. Give Capstone Works a call at (512) 343-8891 to get started.
About the author
Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.