The Ottawa Hospital has become the latest victim of ransomware attacks when malware locked down four of the hospital’s computers last week, according to an article in the Ottawa Citizen.
According to the article posted earlier this week, The Ottawa Hospital confirmed that four computers in its network of 9,809 were hit with ransomware last week, encrypting the information on those machines and making it inaccessible to hospital administrators.
The article quotes hospital spokeswoman Kate Eggins as stating that the malware locked down the files and the hospital responded by wiping the drives. She also said that no patient information was affected, according to the article.
“The hospital wouldn’t divulge what was on the machines that were infected. However, Eggins said the machines were wiped clean of the infection and the information on the computers was restored through the use of backup copies of the data,” the article stated.
The highly publicized ransomware event at Los Angeles-based Hollywood Presbyterian Medical Center in February brought widespread attention to the threat of ransomware as that attack shut down the hospital’s entire computer system. The hospital paid hackers $17,000 to restore its systems.
As reported by Healthcare Informatics’ Contributing Editor David Raths, the Hollywood Presbyterian event may just be the tip of the iceberg. During the PHI Protection Network Conference in Philadelphia this week, FBI officials and security consultants indicated that these types of attacks on healthcare organizations would increase and are growing more sophisticated. Consultants also stated that many hospitals have been responding to ransomware attacks without publicizing the incidents.
“It is spreading and so laser-focused on healthcare organizations because the systems in a healthcare structure are disorganized, and poor at talking to each other,” Jonathan Fairtlough, managing director for Kroll Cybersecurity and a former Los Angeles County Prosecutor working on high-tech crimes, said, as Raths reported.
The consultants at the conference also provided a number of recommendations for reducing the risk of ransomware, such as banning all personal webmail and surfing on corporate devices and implementing a data backup plan with a longer retention cycle.