Ohio Healthcare Provider Hit by Crippling Ransomware Attack
NEO Urology, located in Boardman, Ohio, is still struggling to return to its peak functionality while being forced to deal with the devastating results of a ransomware attack that left their IT system crippled. The attack went unnoticed by workers until a practice administrator arrived at work on Monday to find a fax that had been sent to them. The fax, which listed the contact information for the hackers as “Pay4Day.io”, stated that the hackers demanded $75,000 in order for NEO Urology to regain access to their systems.
With their systems down, NEO urology lost records, information, and personal data for all of the patients and people in their system. With their IT team hard at work, they were completely unable to get past the ransomware unless they met the hackers demands. With no other option they were forced to pay $75,000 worth of bitcoin to the perpetrators.
Most security researchers, including the FBI, recommend not paying ransom to the hackers in these types of attacks. Because of the anonymity and uncertainty of the hackers, paying the ransom doesn’t mean for sure that the victim will regain access to all or even any of their information. Luckily for NEO Urology, access to their systems was eventually restored, but not without some major drawbacks.
Even after paying the ransom that was demanded, the hack still remained in the systems. The hack was so severe that it took three days for NEO Urology to regain access after the payment was made. This put a large damper on the office. During the three days that it took to restore the systems, the business reported a revenue loss of $30,000-$50,000 for each day.
This is a type of cyber-attack that has been on the rise lately. While most breaches in 2018 came from misuse by employees of the industry, ransomware is now responsible for 70% of all the malware attacks. On top of that, as the first quarter of 2019 came to an end it was reported that ransomware attacks are up 195%, with 71% of those attacks targeting small businesses.
Story via healthitsecurity.com