Latest Ransomware Attacks Show Diversity of Victims
What Do They Have in Common? Difficult Recovery
… No matter what type of business is targeted for ransomware, “the technical and administrative steps to prevent, detect and recover from a ransomware attack would be very similar,” says Tom Walsh, president of consulting firm tw-Security. “The exception – in healthcare, organizations have to automatically assume that ransomware is also a reportable breach [under HIPAA].”
That breach reporting requirement, Walsh says, “greatly impacts the efforts needed for analysis, containment, eradication and recovery. For example, other industries could restore a server from bare metal and blow away the logs. In healthcare, all of the log data needs to be preserved for forensic analysis to determine if there was unauthorized access to protected health information.”
As for NVA reportedly saying that some of its locations were not impacted by the ransomware attack because each runs its own IT, there are pros and cons to this approach, Walsh notes.
While the isolation might keep the malicious code from spreading to other NVA facilities, “each hospital probably has a small IT staff doing their own thing with no economies of scale – which is one of the advantages of being part of a larger organization.”