This Week in Breach: Columbia Surgical Specialists
Columbia Surgical specialists: Surgical facility in Spokane, Washington.
Risk to Small Business: Severe: Columbia Surgical Specialists decided to pay almost $15,000 in ransom to unlock files that were encrypted by hackers. After originally discovering the incident on January 9th, the firm hired an outside security firm to mitigate the aftereffects of the attack. Initially it was believed that 400,000 patients could have been affected, but the number has since then been reduced. Columbia Surgical Specialists explained that their delay in reporting was due to the time needed to analyze information surrounding the breach, and they do not believe that the attackers were able to access patient data.
Individual Risk: Severe: Names, drivers’ license numbers, SSNs, and protected health information was impacted in the ransomware attack. However, the outside security firm believes that it is unlikely that the data was exposed in the incident.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Ransomware is a sticky subject for businesses and can resemble a virtual hostage situation. In the event of an attack, security experts recommend not paying ransoms to hackers, since it incentivizes future exploits and can result in greater demands. To prevent such exploits from occurring in the first place, organizations must partner up with managed security providers.
In Other News: Why human behavior is at the heart of cybersecurity risk
As the delineation between personal and business continues to blur with trends like bring your own device (BYOD), IOT and work from home, cybersecurity risk increases exponentially. Pair this with the societal lack of cybersecurity knowledge and it creates the perfect storm for hackers to exploit. Cybercriminals follow the path of least resistance, and many times this takes the form of exploiting human vulnerabilities.
Most security and compliance tools on the market are focused on safeguarding endpoints and patching vulnerabilities, but what about the risks that are amplified by human behavior? To stop the cyberattacks of the future, businesses must task themselves with developing a people-centric strategy for cybersecurity.