Brooklyn Hospital Loses Patient Data In Ransomware Attack

A ransomware attack hitting several computer systems at the Brooklyn Hospital Center in New York caused permanent loss of some patient's data.

The hospital tried to recover the data but all efforts were in vain. This indicates that a ransom for decrypting the files was not paid.

Medical records unrecoverable

The attack occurred in late July but the hospital acknowledged it publicly only last week, following what the institution calls "an exhaustive investigation," and after undertaking "diligent remediation efforts."

Attempts to recover the encrypted records, however, remained fruitless, the hospital informs in a public notification. Not all patients are impacted by the incident but there is no estimation on how many are.

The unrecoverable information includes names and certain dental or cardiac images. The hospital highlights that the investigation did not find any evidence that the data was exfiltrated from its systems or otherwise misused.

Ransomware attacks are about encrypting information, not stealing it, and asking for money in exchange for the decryption key.

In this case, the hospital did not provide any details about the ransomware strain used in the attack or the money demanded by cybercriminals.

Backup is the first line of defense

While the notification to patients indicates that the hospital did not give in to the criminal demands, which is recommended by both the infosec community and law enforcement, it also suggests that Brooklyn Hospital Center did not have a proper backup system implemented.

Medical information is important enough to have safe copies as disaster can take multiple forms, not just ransomware; a malfunctioning computer system can corrupt data or a storage drive may fail.

Organizations handling sensitive information should be prepared for such scenarios and have a backup procedure to keep everything safe.

Defending against ransomware, though, is not the same as protecting against software and hardware failures, though, and access to the backups should be tightly controlled so that malware does not reach them.