This is topical and well worth a look.
This hospital compromise is disturbing on a variety of levels and is but one of several issues like this over the past several months.
I am not a fan of litigation for the sake of litigation. This is not a case of a money grab. The level of information left unsecure and publicly available is astonishing and this hospital has earned the right to be on the losing end of this legal battle. Kudos to the patients that stood up and fought the good fight. Hopefully this ruling becomes a deterrent for other organizations not taking IT security seriously.
I have posted several articles on this topic to date, frankly because I believe the threat is quite real and needs to be discussed as openly and as often as possible. Here is another recap and perspective from the team at Tripwire.
And the ransomware band plays on for hospitals and medical providers. This is a very disturbing trend and needs to be more thoroughly addressed.
Sadly in this situation, the math made sense for the hospital and the ransom was paid. Unfortunately, there is a much higher cost in the future of the hospital to restore its reputation and build actual defenses against future attacks.
This article demonstrates the undeniable effect of a computer outage on a medical facility, and, therefore, why the limited constructs of HIPAA and its security rule are not enough to properly secure such a critical and sensitive environment.
Minutes and even seconds matter during a medical crisis. Having to divert patients to other, more distant facilities is unacceptable.