Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Capstone Works Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Austin Cyberattack Proves Just How Disruptive Ransomware Can Be

Austin Cyberattack Proves Just How Disruptive Ransomware Can Be

Earlier this month, a local healthcare system comprising dozens of Austin-based hospitals, clinics, and other facilities suffered a cyberattack. We wanted to share some lessons that local business owners can learn from this situation, because a single attack like this can result in a snowball effect that can end up costing you a lot of time, money, and reputation.

The Story: Ascension Healthcare Network Suffered a Ransomware Attack

On May 8th, the healthcare network Ascension let patients know that they were working “around the clock” in order to restore systems after suffering from some sort of IT outage. Four days later, on the 11th, Ascension updated their patients to let them know that the incident was a ransomware attack.

Since it happened, staff and patients of the massive healthcare network, which has employees and facilities across 19 different states, have been feeling the impact. Care has been much slower than usual, and staff have had to go back to pen and paper to record things.

In an article on KVUE that covered the initial cyberattack a couple of weeks ago, a patient named Adam, who was at a hospital in Round Rock for having a crushed leg with three broken bones in his ankle, said, “Every doctor, PA [physicians assistant] has expressed how frustrating it is. Just, nothing's working, nothing's getting done… It's frustrating and scary and, frankly, I would not have come to this hospital if I knew that this is what I was going to be going through."

I’d hate to be in that situation as a patient—I think we all would—and this is something happening all across the Midwest for hospitals within this particular healthcare system. 

On top of that, since we’re talking about healthcare and medical records, there is a huge risk of data theft and exposure when it comes to cyberattacks. We’ll get to that in a moment. 

How Can a Ransomware Attack Take out a Hospital Network (or Any Business, for that Matter)?

Ransomware is currently one of the most common types of cyberattack. It’s essentially a piece of software that quickly spreads across a single device or network, staking claim to all of the files and data it can. It physically changes all of your data and encrypts it, meaning you lose access to your data. It’s still there on your devices, but it’s inaccessible to you, and you can only get access to it again if you have a big, complex encryption key; essentially a kind of password that the ransomware will then offer to sell to you.

The ransom can vary, but it can be anywhere from hundreds of dollars to hundreds of thousands of dollars. The highest recorded paid ransom sum reported was $40 million. It’s unethical and, in many ways, fruitless to simply pay the ransom, too. If an organization pays the ransom, they are only perpetuating the issue, and the cybercriminals likely already have a way in and can simply take the money and cause more damage.

The thing about ransomware is that it’s just ransomware. The havoc that this attack is causing isn’t from some highly specific, highly targeted campaign to take down the Ascension healthcare system (as far as we know at this time). It’s simply ransomware. It’s the same kind of ransomware that any individual or organization could get.

We’re hearing about this attack because it’s affecting healthcare facilities spread across 19 states. It’s affecting a huge number of patients and staff and that of course gets media attention. You don’t hear about ransomware attacks that cause local law firms or manufacturers or other small businesses to file for bankruptcy or lay off employees or skip Christmas bonuses, because it’s at a much smaller scale.

Ransomware is disruptive, and once it hits you, it does serious damage to your business. It can cripple your business and hurt employee morale and destroy your reputation with your customers.

What Do We Know About This Particular Type of Ransomware:

While there isn’t a lot of information about the attack so far, reports indicate that the ransomware used was something called Black Basta. Black Basta is a type of ransomware known as ransomware-as-a-service. Essentially, the creators of Black Basta sell the ransomware to hackers and cybercriminals. It’s a piece of software that someone can simply purchase and then distribute. The barrier to becoming a cybercriminal and causing massive damage to an organization is simply the cost of buying the rights to use the ransomware, which starts at about $100.

Let’s get back to the attack on Ascension.

Going Back to Normal After a Ransomware Attack is Extremely Challenging

Since the attack involves healthcare data, and likely because Ascension is attempting to do as much damage control as possible, we don’t know if Ascension paid the ransom or not. We know it has been disrupting business as usual, and patients are absolutely feeling it. According to the hospital in Round Rock, there is no timeline for when the hospital will return to normalcy.

On top of that, a former patient has filed a class action lawsuit, claiming that her personal information was leaked during the attack. Multiple agencies, including the FBI, are investigating the attack. The lawsuit is making claims that sensitive healthcare information wasn’t properly encrypted. 

It’s a whole mess, and if that’s the case, the ransomware attack will have uncovered unrelated violations to compliance standards, which just gives the massive hospital network even more to deal with. It’s not good, even if they were doing everything properly and above board.

Any Business, Big or Small, Can Suffer This Fate

We can’t stress this enough; cybersecurity isn’t just a problem for the big corporations. It can and does affect everyone. Your business doesn’t need to have a target on its back, it doesn’t need to be a certain size, and it doesn’t need to deal with a particular type of information or make a certain amount of money. Ransomware is agnostic to its victims.

All organizations need to have proper measures in place to defend against, and mitigate ransomware attacks. This involves taking a multi-step approach. We help Austin-based businesses meet and maintain regulatory compliance standards, as well as defend themselves against the growing risk of cyberattacks. 

Don’t wait until it’s too late, give Capstone Works a call at (512) 343-8891 to get started.

Alert! Watch Out for Zero-Day Exploits Like These
Everything Business Owners Need to Know About AI
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, December 21, 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Co-managed IT Remote Workers IT Services cloud BDR Best Practices hackers IoT Cloud services Quick Tips Microsoft Teams business continuity Two-Factor Authentication employees managed IT Security IT Support devices January 28 Content Filtering User Tips high-threat environment Workplace Tips Productivity Clutch Server Windows AutoCAD Business Cybersecurity sports teams 2FA business Disaster Planning Cloud Computing Break/fit COVID-19 Delightful New Year Shadow File Folder Architect IT Malware Technology phishing Saving money Servers Hosted Solutions Business continuity 365 features accounts need Data Privacy Day Remote Work Passwords today Data comprehensive IT Managed Service Saving Money Managed IT Users Backup Current Events Ransomware Computer SCAMS Password Data Recovery Internet Network Security Health Business Continuity Collaboration Cloud Communications media accounts Network IT support Hardware smart devices best practices Disaster Recovery Microsoft Compliance business owners Software password protection UPS HIPAA Tip of the Week surge protection Workplace Strategies Mobile Office cybersecurity AI Cyberattack Broadband web application right time EMR cybersecurity tools Microsoft Office AWS Gadgets Communication Engineering Innovation Small Business VoIP Microsoft Office 365 application employees download Marketing Workplace Strategy Remote Passwords Recovery Outsourced IT Cloud computing Social Media Efficiency Apple Privacy Vendor Managed Services Tech Support Email Common password content spam

Latest News & Events

Capstone Works is proud to announce the launch of our new website at https://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works can do for your business.

Call Us Today
Call us today
(512) 343-8891

715 Discovery Blvd
Suite 511

Cedar Park, Texas 78613