Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
SectorsCybersecurity NewsHospitals & Medical Centers

The Ransomware Dilemma: Is Paying Up a Good Idea?

By Sanjay Katkar
Ransomware, Cybersecurity
September 10, 2016

The ongoing fight against ransomware attacks and the cyber criminals perpetuating this menace is more than a full-time job. In a cyber world without boundaries, ransomware has become a worldwide problem where no organization is immune to victimization.

According to some security experts, the first known reports of ransomware attacks took place in Russia in 2005. Over the past 10 years, these attacks have spread to all corners of the globe, successfully targeting hundreds of thousands of business systems and home PCs. And, the effects are mounting: the FBI reported ransomware-driven losses of $18 million over a 15-month period in 2014 and 2015.

The way ransomware works is by making an infected device unusable by locking the screen or system, encrypting its data and then demanding a ransom to unlock and decrypt this data. In some cases, once the user’s PC is infected, the ransomware also displays threatening messages disguised as coming from a law enforcement agency in order to appear credible while intimidating the PC owner. Payment is usually demanded in the form of bitcoins, a virtual currency that is untraceable.

This is apparently what happened at Hollywood Presbyterian Medical Center in California in early February 2016 when it fell victim to malware, which locked the hospital’s computer infrastructure. According to reports, to remain operational and continue providing patient care, the hospital was forced to use “old school” methods including paper records, faxing, and good old-fashioned pen and paper.

In a letter regarding the attack, following a bitcoin payment of $17,000, hospital CEO Allen Stefanek stated “...The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

 

Healthcare Providers Increasingly Targeted

Malware-based attacks on healthcare organizations seem to be on the rise. A recent story from the Los Angeles Times reveals “…since 2010 at least 158 institutions, including medical providers, insurers and hospitals, have reported being hacked or having information technology issues that compromised patient records, federal records show.”   

But is paying the ransom the best approach?  Many experts say this is similar to negotiating with terrorists. By paying what’s demanded, the revenues may then be used to launch attacks on other organizations. There’s also a good chance that cyber thieves will up the ante once they realize you’re willing to pay the ransom. In the end, it’s up to each individual organization to decide whether paying the ransom is right for them. In Hollywood Presbyterian’s case, they were unable to conduct the business of caring for their patients and were even forced to turn away some emergency cases to other area hospitals because a lack of access to their networks. For hospital CEO Stefanek, paying the ransom seemed to be the only way out of this predicament.

 

Humans Often the Weakest Link

Although the specifics of how the attack was waged on the hospital remain unclear, what we do know is that the main way malware is able to infiltrate an organization’s network is through one well-intentioned employee opening an infected email. Although anti-virus software is usually very efficient at blocking spam and malicious emails containing the malware, it is imperative that every organization develop and execute a solid security policy. Part of this policy should include regular training and education sessions for all existing and new employees to ensure they’re up to date on the latest strategies cyber criminals are employing to target, trick and outsmart unsuspecting  personnel.

Organizations must train employees to be wary of opening seemingly innocuous  attachments that come from unknown sources, using the same passwords for a lengthy period of time and clicking on suspicious links and ads. To decrease the potential for breaches due to negligence and just general human behavior, it’s critical to make it a policy to conduct quarterly or half-yearly training sessions on IT security awareness for all employees, and even include these sessions as part of the employee onboarding process.

In these regular sessions, two best practices that employees should be continually reminded to heed are: 

  • Never download attachments or click links in emails received from unwanted or unexpected sources, even if the source looks familiar.
  • Ignore unwanted pop-up ads or alerts, many purporting to come from companies like Microsoft “alerting” you to a problem on your computer, while visiting unfamiliar or even familiar websites.

From an IT department standpoint, best practices should include:

  • Keeping up on all recommended security updates to OS, software and Internet browsers.
  • A focus on strengthening email security. Research has shown that nine out of every 10 viruses that infect a computer reach it through an email attachment. It’s critical that organizations use a spam filter and attachment scanner.Network email security systems, which protect the business as a whole, are also essential as these can help to block hackers and identity theft. And, as remote workers become more commonplace, the endpoint security software installed on laptops needs to be able to enforce the company’s security policies, even when that laptop is not connected to the corporate network.
  • Regular backups for all desktops. Rather than backing up systems while connected to the Internet, offline backups are recommended. Not only will you have a copy of all critical company and customer data, this also ensures that you won’t have to meet the hacker’s demands.

Although it is impossible to prevent every single cyber attack, getting employees involved and invested in the overall IT security health of the organization will decrease the chance that ransomware, delivered through email-based malware in an average-looking email, will wreak havoc. Every business has the power to take preventative action in order to mitigate and even prevent underhanded and illegal blackmail tactics.

KEYWORDS: cyber attack cyber attack losses cyber terrorism ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sanjay Katkar is the Co-Founder and Chief Technical Officer of Quick Heal Technologies, a leading global provider of IT security solutions. He holds bachelor’s and master’s degrees in computer science from University of Pune, India. Katkar, who has been associated with Quick Heal since its incorporation, has spearheaded the development of the company’s enterprise software, technology and services. Quick Heal’s Seqrite data security product line is specifically targeted at small to midsize enterprises and is sold in North America exclusively through channel partners.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • phishing

    4 Steps to Mitigating Third-Party Vendor Cybersecurity Threats

    See More
  • Been Hacked? Let That Be a Lesson to You

    Is Hacking Back with WHOIS a Good Idea?

    See More
  • Down the Toilet Not a Good Idea When Handling a White Powder on Capitol Hill

    See More

Related Products

See More Products
  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!