How to measure the cost of a ransomware attack
On Feb. 12, news broke that Hollywood Presbyterian Medical Center in Los Angeles suffered a ransomware attack. Four days after the media reported the story, the hospital paid the hackers nearly $17,000 to restore its affected computer network.
The hospital isn’t alone in its decision to pay a ransom for its data. At the 2015 Boston Cybersecurity Summit, FBI Assistant Special Agent Joseph Bonavolonta noted that due to the complexity of ransomware threats, the FBI had recently been advising some organizations to pay their attackers to reclaim data as quickly as possible.
However, as DataGravity CISO Andrew Hay writes in a recent article for Dark Reading, Hollywood Presbyterian’s $17,000 price tag barely begins to cover the attack’s total costs. In only four days, the hospital likely experienced severe delays as it attempted to work around its locked computer system, while at least a few patients left the facility to seek treatment at another hospital. Considering the hospital’s previously reported revenue and income estimates, those four days alone may have cost nearly $11 million – and the attack was estimated to start affecting the hospital’s computers as early as Feb. 5.
Meanwhile, the hospital’s brand and reputation took a hit that won’t be as easily recovered as its data. Now that the event is over, the staff will likely seek new security technologies to help avoid a similar situation in the future.
Cybercriminals target and attack companies that can deliver sizeable payoffs – such as hospitals, which house extensive records containing valuable patient data. Often, this sensitive information is taken from a public share on the hospital’s server. Regardless of the cause of the security breach, its total costs and lasting effects can build quickly and overwhelm an organization in any industry. For a small to midsize hospital, those costs can seriously threaten revenue and reputation.
It will never be possible to stop a data breach in its tracks. However, it is possible to avoid situations where you have to pay attackers just to recover sensitive data. For example, my co-founder, Paula Long, coined a phrase about this approach – “behavior-based backup” – which refers to the way data-aware storage protects data when it detects anomalous behavior. When a DataGravity array tracks a spike in activity, it initiates a backup on the file share in question and helps contain the threat trying to infiltrate the system. Through file activity monitoring, search and discovery, and frequent backups, any organization can secure sensitive data in advance, quickly identify issues that might threaten a system, and reduce the extent of a security attack.
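The spike-then-backup idea described above can be sketched as follows. This is an added example, not DataGravity's implementation: the per-minute event counts, the share names, the thresholds and the `snapshot` callback are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed sample: (minute, share, file write/rename operations that minute).
EVENTS = [(m, "records", n) for m, n in
          enumerate([40, 42, 38, 45, 41, 39, 43, 44, 900, 1200])]
EVENTS += [(m, "public", n) for m, n in
           enumerate([5, 7, 6, 5, 8, 6, 7, 5, 6, 7])]


def detect_spikes(events, window=6, min_history=5, sigmas=4.0, floor=50):
    """Return [(minute, share, count)] for minutes where a share's activity
    exceeds its own rolling baseline by `sigmas` standard deviations.

    `floor` is an absolute minimum so that quiet shares do not alert on
    small fluctuations; all parameters are illustrative assumptions.
    """
    history = defaultdict(lambda: deque(maxlen=window))
    alerts = []
    for minute, share, count in sorted(events):
        past = history[share]
        if len(past) >= min_history:
            # Clamp the spread so a perfectly flat baseline still leaves headroom.
            spread = max(pstdev(past), 1.0)
            threshold = max(mean(past) + sigmas * spread, floor)
            if count > threshold:
                alerts.append((minute, share, count))
                continue  # keep anomalous minutes out of the baseline
        past.append(count)
    return alerts


def respond(alerts, snapshot):
    """Call snapshot(share) once per affected share, on its first alert.
    Returns the shares snapshotted, in alert order."""
    done = []
    for _, share, _ in alerts:
        if share not in done:
            snapshot(share)
            done.append(share)
    return done


if __name__ == "__main__":
    found = detect_spikes(EVENTS)
    print(found)
    print(respond(found, lambda s: print("snapshot requested for", s)))
```

A snapshot taken at alert time can already contain files modified during the spike minute, so earlier snapshots need to be retained and kept out of reach of the account writing to the share.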