Hackers demand $1,000,000 from Grays Harbor Community Hospital to unlock 85,000 patient files
Exploit: Ransomware
Grays Harbor Community Hospital: Healthcare provider operating as part of the Harbor Medical Group
Risk to Small Business: 1.666 = Severe: After an employee accidentally clicked on a phishing email, cybercriminals were able to infect the hospital’s IT infrastructure with ransomware that impacted the provider’s access to medical records, prescription information, and more services, including payment processing. The hackers demanded $1 million to unlock the files, a significant sum that places a serious strain on the cash-strapped hospital. While it’s unclear if the hospital paid the ransom, officials noted that restricted cash flow will threaten the organization’s future financial viability.
Individual Risk: : 2.142 = Severe: MageCart scams steal customer data at checkout, and online shoppers between November 15, 2018 and May 14, 2019 could have their information stolen by the hacking group. This data involves customers’ names, addresses, and payment information, including CVV codes. Customers who made purchases at the online store during this timeframe are encouraged to contact their credit card company and monitor accounts for fraudulent or suspicious activity.
Customers Impacted: 85,000
How it Could Affect Your Customers’ Business: Ransomware is much more than a temporary inconvenience. The astounding costs surrounding repair, restoration, or even ransom payments can significantly impact a company’s ability to continue operating. Once ransomware takes hold of a company’s IT infrastructure, every path forward is expensive and fraught with difficulties. Therefore, identifying and addressing vulnerabilities before they enable a breach is the only effective way of avoiding the costly aftermath of a ransomware attack.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
