Ransomware: Healthcare Fights Back
Regulator, Lawmakers Mull New Steps to Protect Targeted Entities
… “It is out of character for criminals behind ransomware to operate in this manner, based on what we’ve all seen since ransomware started,” says Keith Fricke, a principal consultant at consultancy tw-Security.
“Criminals invest time and money in their ransomware and want a return on their investment,” Fricke says. “They make good on their end of the bargain when paid by a victim, regardless of it being an individual or a company. I feel this is anomalous behavior,” he says. The hard lesson, Fricke says, goes back to ensuring data recovery from backup is possible. Then entities avoid being held for ransom in the first place.
… All organizations should be prepared to deal with potential ransomware attacks by restoring data from current backups, Fricke says. “The HIPAA Security Rule requires disaster planning capability,” he adds. And those plans need to be reviewed and enhanced in light of these latest attacks.
… But not everyone is convinced that tougher ransomware-related criminal laws would help. “Because many of the ransomware attacks come from overseas – many from Romania – I think legislation sounds good, but it will likely be a waste of time and taxpayer money,” says Tom Walsh, founder of consultancy tw-Security. “Even if they did catch someone, then there are extradition rules/treaties” to complicate matters, he says.