The Downside of Ransomware
Lets ignore the usual side effects of ransomware like it disrupts your business, costs you a lot of money if you are hacked and makes your clients annoyed.
Sometimes that escalates a bit.
The Oklahoma Institute of Allergy, Asthma and Immunology posted a notice on it doors earlier in the month announcing that it is closing effective immediately due to a cybersecurity event – no doubt what the rest of us call a ransomware attack. Closing as in FOREVER.
The notice also said that their insurance company, Amtrust, will be sending out information to all parties that were potentially affected and you will be notified promptly.
Regrettably, they said, due to the magnitude of the event there could potentially be a time delay in notification as information may be difficult to access (even though the sentence above says you will be notified promptly). Still sounds like ransomware.
While the clinic is continuing to do a limited number of injections for some patients, other patients posted on Facebook that they showed up for scheduled appointments and were turned away.
“This office is permanently closed. There are no phones, no computers, no paper medical records and no staff here. I found that out at my 8:15 a.m. appointment this morning. Everything is gone,” one patient said on Facebook.
Other patients were concerned about getting access to medications that they already paid for.
This is the ultimate downside to ransomware. It sounds like they had some level of cyber insurance, but between the fines from the feds and the lawsuits from angry patients, likely that money will be exhausted quickly.
While the doctors could file for bankruptcy, both personally and as a business, that will not get them out of any lawsuits or federal government fines. Those are likely not dischargeable. While there could be criminal charges, likely most of the litigation is civil, so if want an attorney, there is no public defender.
One of the owners claimed to have contacted the FBI about the incident, but the FBI denies that ever happened.
It is pretty clear that the owners are in way over their head and that is often the case when the company does not have a documented and tested incident response program. Small businesses are often the most exposed because they have very limited IT or cybersecurity resources. But the hackers don’t really care about that. Neither do the lawyers.
If you are concerned that you are not adequately prepared, please contact us.
Credit: The Record
by 