Ontario Hospitals Expect Monthlong Ransomware Recovery
Patient Care Still Disrupted and IT Network, EHR System Down Until Mid-December
… TransForm’s decision to rebuild its IT network from scratch, as opposed to taking other remediation options, likely means that core network services that run on servers were affected, said Keith Fricke, partner and principal consultant at privacy and security firm tw-Security.
For example, that could mean servers that provided network authentication services and managed IP address assignments, as well as VoIP servers that support voice communications, he said.
“Additionally, systems providing patch management, endpoint protection – managing encryption and antivirus software – to laptops and workstations, centralized log management, and other information security-related infrastructure services may be in scope for rebuilding,” he said.
An alternative to rebuilding the IT network would be rebuilding an affected server, which can mean reinstalling an operating system and/or replacing hardware, Fricke said. But that strategy for full recovery is not a sure bet either.
“The risk of trying to remove malware without reinstalling the operating system and/or applications on the server is not fully removing the malware and possible backdoors. Reinfection or continued unauthorized access are possible if the malware/ransomware is not fully eradicated.”