I have mixed feelings. Would proper network segregation have avoided
this problem? Did they have backups? Looks like they had good
insurance – what company?
Zach Clemens reports that Estes Park Health suffered a ransomware
attack on June 2. No data was exfiltrated, but it was locked up, and
after consulting with their cyberinsurer and IT people, they decided
that they had to pay the ransom.
“At that point in time we are looking at the patients we have internally, we are looking at what is coming through the door and monitoring everything that was going on,” Leaming said.
And THAT’s what people who are not in healthcare don’t “get” when
they blithely just advise entities to never pay ransom. If you are a
healthcare facility you have to try to determine whether you can
protect patient safety and health if you don’t pay the ransom. If
your computer system got locked up but you have usable backups, then
you are in a different situation than if your computer system was
locked up and you’re the trauma center for your region.
[A trauma center with or without backups? Bob]
“I think it is important to say that likely the only way to restore the software in the clinic and the only way we were able to restore the imaging and so forth is because our insurance company paid the ransom money and we were able to get the keys to unlock those files,” Leaming said.
Leaming did not mention having usable backups, and that is something
that I expect the insurer asked about and that OCR will ask about.
EPH had to pay a $10,000 deductible to the insurance company for their payment of the ransom. Yet Leaming did say that an initial amount was paid, and as they were unlocking files, they found more locks, which they had to go back and pay the hackers more.
It is not clear how much they paid, total. Nor do they reveal the type
of ransomware used.
Read more on the Estes Park Trail-Gazette.
[From the article:
EPH was left without network access or even phone service.
… “Luckily these days everyone generally has cell phones, and we
actually keep a few cell phones for emergency purposes,” Leaming said.
… Leaming said the backup to the computer system is paper, so after
everything was shut down, it was all entered the old fashioned way,
with pen and paper.
… Leaming said that their insurance company has a cyber security firm
that they contract with that immediately responded and gave advice on
how to proceed.
For my Business Continuity / Disaster Recovery lecture. Imagine the
impact when the roads are full of self-driving cars.
Study finds that a GPS outage would cost $1 billion per day
… Now, one of the most comprehensive studies on the subject has
assessed the value of this GPS technology to the US economy and
examined what effect a 30-day outage would have—whether it's due to a
severe space weather event or "nefarious activity by a bad actor."
The study was sponsored by the US government's National Institutes of
Standards and Technology and performed by a North Carolina-based
research organization named RTI International.
A newspaper that fakes its news and a President
who has never lied. Or do I have that backwards?
U.S. Escalates Online Attacks on Russia’s Power Grid
The United States is stepping up digital
incursions into Russia’s electric power grid in a warning to
President Vladimir V. Putin and a demonstration of how the Trump
administration is using new authorities to deploy cybertools more
aggressively, current and former government officials said.
In interviews over the past three months, the
officials described the previously unreported deployment of American
computer code inside Russia’s grid and other targets as a
classified companion to more publicly discussed action directed at
Moscow’s disinformation and hacking units around the 2018 midterm
elections.
(Related)
Trump slams NYT report on U.S. cyber attacks against Russia
President Donald Trump lashed out at The New York
Times on Saturday for a report that the United States has been
increasing its cyber intrusions into Russia, escalating tensions
between the two countries.
… Citing administration officials, the Times also reported Trump was
not briefed in detail on the program out of fear that he would spill
secrets to Russians as he did with classified information to the
Russian ambassador and foreign minister during an Oval Office meeting
in 2017
… Trump flatly rejected the Times' Saturday story, calling it "a
virtual act of Treason by a once great paper so desperate for a story,
any story, even if bad for our Country."
A cute little interactive mnemonic. (PDF)
Business Ethics and Artificial Intelligence
Perspective.
Another idea I didn’t have. Perhaps we could do this at home?
Infarm wants to put a farm in every grocery store
… Infarm, a 40-plus person startup based in Berlin is developing an
“indoor vertical farming” system capable of growing anything from
herbs, lettuce and other vegetables, and even fruit. The concept might
not be entirely new — Japan has been an early pioneer in vertical
farming, where the lack of space for farming and very high demand
from a large population has encouraged innovation — but what
potentially sets Infarm apart, including from other startups, is the
modular approach and go-to-market strategy it is taking.
This means that the company can do vertical farming on a small but
infinitely expandable scale, and is seeing Infarm place farms not in
offsite warehouses but in customer-facing city locations, such as
grocery stores, restaurants, shopping malls, and schools, enabling
the end-customer to actually pick the produce themselves.