The hackers didn't get a dime from the hospital, but their stunt still resulted in a hefty repair bill.
By Steven Porter
This story was published in Hospital Safety Insider, July 27, 2017.
A hospital that lost control of its computers last spring when hackers unleashed ransomware on its systems has paid nearly $10 million recovering in the past few months.
The hackers had demanded nearly $30,000 worth of bitcoin as ransom, but officials with Erie County Medical Center in Buffalo, New York, declined, knowing there would be no guarantee that the attackers would fully remove their malicious software once paid off, The Buffalo News reported Wednesday.
Instead, the hospital invested in new hardware and software, and it paid for expert advice. Those categories accounted for about half of what has been spent thus far. The other half accounts for overtime pay, lost revenue, and other expenses. Moving forward, officials expect to spend at least $250,000 more per month to continue upgrading technology and educating employees to ward off future attackers.
In the wake of this incident, healthcare workers had to resort to old-school pen-and-paper recordkeeping techniques. But this sort of situation could also threaten patient care more directly.
“Cybersecurity can have a major impact on patient safety,” Mitch Work, MPA, FHIMSS, president and CEO of The Work Group, Inc., told the Patient Safety Monitor Journal. “If hackers are able to access patient records and information, they will conceivably have the capability to change and manipulate patient data, which could have disastrous consequences. Think of [someone] changing medications, patient vital signs, or even diagnoses.”