The Brooklyn Hospital servers infected with ransomware leads to a permanent loss of certain patient records. The hospital center started notifying patients about the incidents and steps taken to recover from the attack.
Ransomware is a type of malware that gains access to the website and encrypts the data present in the system and to restore the data it asks for ransom payment that to be paid in cryptocurrencies.
There are thousands of different ransomware strains in existence today, varying in design and sophistication. The attackers employ several advanced tactics to distribute malware.
Brooklyn Hospital Ransomware Attack
The hospital learned the unusual activity in their servers in July 2019, once the incident spotted the hospital immediately launched a forensic investigation and started working with a third-party forensic investigation firm to determine the nature of the incident.
The investigation shows no data has been exfiltrated from the hospital servers, on September 4, 2019, the investigation confirms that the incident was due to malware.
All the efforts by the hospital to recover the data fails, a certain amount of patient records remain unrecoverable.
“We have determined that the unrecoverable information may include patient name and certain dental or cardiac images. As stated, there is no evidence of actual or attempted misuse of any personal information.” Brooklyn Hospital reported.
The affected patients will be getting Email, on “which contains information on what they can do to better protect against the possibility of identity theft and fraud should they feel it is appropriate to do so.”
Ransomware Protection Methods
The proper backup mechanism is the first layer of defense for ransomware attacks, sometimes that backup within the server itself gets compromised, maintaining an external backup is recommended.
Behavioral and pattern analysis helps to detect the infection earlier. According to a recent survey most of the ransomware attacks carried through spam and phishing emails, have an email security tool and by educating users this can be avoided.