Sunday, June 16, 2019


I have mixed feelings. Would proper network segregation have avoided this problem? Did they have backups? Looks like they had good insurance – what company?
Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom.
At that point in time we are looking at the patients we have internally, we are looking at what is coming through the door and monitoring everything that was going on,” Leaming said.
And THAT’s what people who are not in healthcare don’t “get” when they blithely just advise entities to never pay ransom. If you are a healthcare facility you have to try to determine whether you can protect patient safety and health if you don’t pay the ransom. If your computer system got locked up but you have usable backups, then you are in a different situation than if your computer system was locked up and you’re the trauma center for your region. [A trauma center with or without backups? Bob]
I think it is important to say that likely the only way to restore the software in the clinic and the only way we were able to restore the imaging and so forth is because our insurance company paid the ransom money and we were able to get the keys to unlock those files,” Leaming said.
Leaming did not mention having usable backups, and that is something that I expect the insurer asked about and that OCR will ask about.
EPH had to pay a $10,000 deductible to the insurance company for their payment of the ransom. Yet Leaming did say that an initial amount was paid, and as they were unlocking files, they found more locks, which they had to go back and pay the hackers more.
It is not clear how much they paid, total. Nor do they reveal the type of ransomware used.
Read more on the Estes Park Trail-Gazette.
[From the article:
EPH was left without network access or even phone service.
… “Luckily these days everyone generally has cell phones, and we actually keep a few cell phones for emergency purposes,” Leaming said.
Leaming said the backup to the computer system is paper, so after everything was shut down, it was all entered the old fashioned way, with pen and paper.
Leaming said that their insurance company has a cyber security firm that they contract with that immediately responded and gave advice on how to proceed.




For my Business Continuity / Disaster Recovery lecture. Imagine the impact when the roads a full of self-driving cars.
Study finds that a GPS outage would cost $1 billion per day
Now, one of the most comprehensive studies on the subject has assessed the value of this GPS technology to the US economy and examined what effect a 30-day outage would have—whether it's due to a severe space weather event or "nefarious activity by a bad actor." The study was sponsored by the US government's National Institutes of Standards and Technology and performed by a North Carolina-based research organization named RTI International.




A newspaper that fakes its news and a President who has never lied. Or do I have that backwards?
U.S. Escalates Online Attacks on Russia’s Power Grid
The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.
In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.


(Related)
Trump slams NYT report on U.S. cyber attacks against Russia
President Donald Trump lashed out at The New York Times on Saturday for a report that the United States has been increasing its cyber intrusions into Russia, escalating tensions between the two countries.
Citing administration officials, the Times also reported Trump was not briefed in detail on the program out of fear that he would spill secrets to Russians as he did with classified information to the Russian ambassador and foreign minister during an Oval Office meeting in 2017
Trump flatly rejected the Times' Saturday story, calling it "a virtual act of Treason by a once great paper so desperate for a story, any story, even if bad for our Country."




A cute little interactive mnemonic. (PDF)
Business Ethics and Artificial Intelligence




Perspective. Another idea I didn’t have. Perhaps we could do this at home?
Infarm wants to put a farm in every grocery store
Infarm, a 40-plus person startup based in Berlin is developing an “indoor vertical farming” system capable of growing anything from herbs, lettuce and other vegetables, and even fruit. The concept might not be entirely new — Japan has been an early pioneer in vertical farming, where the lack of space for farming and very high demand from a large population has encouraged innovation — but what potentially sets Infarm apart, including from other startups, is the modular approach and go-to-market strategy it is taking.
This means that the company can do vertical farming on a small but infinitely expandable scale, and is seeing Infarm place farms not in offsite warehouses but in customer-facing city locations, such as grocery stores, restaurants, shopping malls, and schools, enabling the end-customer to actually pick the produce themselves.



No comments: