Ransomware. Backups. MTTR. Disaster Recovery. Business Continuity.

Ransomware and hospitals.  Not a great combination.

The Register is reporting that Hancock Hospital paid ransom attackers $60,000 to get control of their system back.

Pictured: Hancock Health, 801 N. State St. in Greenfield.(Tom Russo | Daily Reporter)

Hancock Health in Indiana was hit with a ransomware attack last week.  As the hospital detected “something wrong”, they decided to shut down all hospital systems, all wellness center systems, Physicians offices systems and, in fact, the entire Hancock Health Network.

The attack put the hospital and its affiliates back into the medical stone age.  No electronic medical records.  No email.  All paper.

Like many other attacks, this attacker, apparently, found a publicly exposed remote desktop protocol (RDP) open port and the rest, as they say, was history.

When the hospital figured out that it was being attacked they contacted the FBI and an outside IT specialist.  However, the Lone Ranger used all of the silver bullets up – there are  none left.

This is where the title of this blog post comes in.

If you get hit with a ransomware attack, the experts say that you are okay if you have good backups.  Well, maybe.

But there is more to it.

Business continuity –  can you continue to operate while you sort things out.  In this case, the hospital reverted to paper.  But paper is slow and cumbersome and introduces errors.

Disaster recovery – do you have a plan for how you are going to recover from the disaster.

MTTR – MTTR standards for mean time to repair.  That goes along with RTO or Recovery Time Objective and RPO or Recovery Point Objective.  All of these mean HOW LONG WILL IT TAKE TO GET BACK IN OPERATION?  And, HOW MUCH DATA ARE YOU WILLING TO LOSE?

That is what tripped up Hancock.  They decided to pay the $60k and get working again.

The county in which Charlotte, NC is in, Mecklenburg, decided that they were not going to pay the ransom and it is still recovering, months later.

In late 2016,  Madison County, Indiana, decided to pay their ransom to get access to their data – it cost them $200,000.

According to the FBI, there are thousands of these attacks every day.  According to some reports, ransomware is a $9 billion industry.

So as you think about how to deal with a possible ransomware attack; think about this:

  • Backups
  • Mean Time To Repair
  • Business Continuity
  • Disaster Recovery

Put those all together and you will be in pretty good shape.


Information for this post came from The Register and The Greenfield Reporter.

Leave a Reply

Your email address will not be published.