Could Your Data Be Hijacked and Held for Ransom?

Hospitals were on edge recently when the Hollywood Presbyterian Medical Center was hit by cyberterrorists. After all, if this Los Angeles hospital’s information could be held for ransom, why couldn’t another’s? Which is, in fact, the reality: any organization, including medical, government, education, industry, etc. can be the target of a ransomware extortion plot.

If you didn’t hear about the incident, here it is in a nutshell: Hollywood Presbyterian Medical Center is an acute-care facility with physicians representing a wide variety of specialties, from cardiac and cancer care to fetal therapy and maternity services. A few weeks ago hackers hijacked the hospital’s computer system, preventing access to any data by encrypting it. Initially, hackers demanded $3.6 million in return for releasing the data. Although the attackers later decreased their demands to 40 bitcoins (worth $17,000) in exchange for a decryption key, they had made a point to the world: patient data and medical records are not safe from hackers.

A sobering lesson can be learned (again): important data must always be protected. Hackers don’t necessarily care who the data belongs to; they will do their best to exploit any weakness in the IT infrastructure to steal, damage, or hold for ransom an organization’s data. Like most criminals, cybercriminals are opportunists who seek out easy targets. Are you an easy target? Just for starters, consider this: Is your data unencrypted? Do you employ password protection policies? Are you using expired antivirus software?

Fortunately, organizations can safeguard their data by backing it up to the cloud. The more secure your data is, the more likely are cybercriminals to look elsewhere for better odds of accessing important or sensitive data. Don’t let your data become vulnerable! So, when looking for a service that backs up to the cloud, what should you expect? There are many points to consider, including the following:

•     Is your data encrypted in transit and at rest?
•     Do you have the option to use your own encryption keys?
•     Are backups automated?
•     Is the cloud service audited and certified?

Finally, ask yourself this question: In the event of hardware failure, theft, virus attack (including a ransomware extortion plot!), accidental deletion, or natural or man-made disaster, will my data be safe and recoverable quickly?

Organizations rely on digitized data more than ever. As such, all organizations—from the smallest business to the largest enterprise—must take the necessary steps to ensure that their data is securely backed up, accessible, and easily recoverable.