One Pricy Hospital Bill: Ransomware Attack Costs Hospital $1 Million, Requiring Notice to Municipal Bond Holders



Hospital research labMost organizations think about the impact of a ransomware attack being limited to recovery, legal, PR, and perhaps paying the ransom. In this case bond holders could take a hit.

Pleasant Valley Hospital experienced a significant ransomware attack sometime prior to September 20, 2019 (the end of its fiscal year). The attack, which required over $1 million in new computer equipment and infrastructure improvement costs, started with an initial attack 10 months prior. Attackers infect machines and then choose to lie dormant to allow backups to be created that include the ransomware. Once the ransomware is activated, backups become useless, as they still contain the malware and organizations have no idea how far back they need to go to find a clean backup set.

The massive remediation costs caused the hospitals debt service coverage to fall to 78% - well below the 120% required by their loan agreement. Because of this, the hospital was required to send a notice to their municipal bond holders about the attack and its impact on their financial operations.

The risk of cyber attack (which includes ransomware) is of growing concern to organizations within the municipal market. According threat intelligence company Recorded Future, 133 publicly reported attacks against health-care providers have occurred since 2016, with 47 of occurring in 2019.

Municipal organizations need to protect themselves against sophisticated attacks like that of Pleasant Valley Hospital through impactful security measures proven to lower the risk of successful attack. One such measure is Security Awareness Training. With phishing attacks still one of the primary ransomware attack vectors, teaching users to recognize suspicious emails, attachments, and links can materially reduce the threat surface.


Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

GoneNuclear-WEBINARJoin us for this webinar where, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/nuclear-ransomware

Topics: Ransomware

Subscribe To Our Blog


Ransomware Has Gone Nuclear Webinar




Get the latest about social engineering

Subscribe to CyberheistNews