Hospital Pays $55K Ransomware Demand DESPITE Having Backups

This article is a great example of needing to understand both your RPO (recovery point objective) AND your RTO (recovery time objective).  In the event of a system outage or a ransomware attack, having your data is only half the battle.  You also need the ability to restore that data in a timely manner.  Timely in this this situation is defined as the ability to restore data quickly enough as to not impact business functions.  The hospital in this article had the data they needed in their backups, but could not restore the data quickly enough.  The data had no practical value, so the ransom had to be paid to keep the hospital open.

Backup/Recovery and Disaster Recovery plans need to take into account both RPO and RTO and these goals need to be verified and tested on a regular basis.  Testing gives the peace of mind an organization needs and wants when an attack occurs.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s