Freely subscribe to our NEWSLETTER

“The rumors of Change Healthcare dealing with a second ransomware threat is a sobering reminder that the healthcare sector is always considered a lucrative target, because of the serious sense of urgency when IT operations are disrupted. The attack on Change is considered the most sophisticated attack against a healthcare organisation, with millions of prescription drug orders for patients being disrupted nationwide for weeks.

While Change hasn’t confirmed paying ALPHV/BlackCat a $22 million ransom as a result of the first attack, there is certainly a mountain of evidence in dark web channels suggesting it occurred. With any hospital or critical infrastructure provider, life and death situations occur regularly, and it might have been in Change’s best interests to pay the ransom, while continuing to recover its systems. Only Change, its executives and law enforcement agencies involved in the investigation would be privy to that level of information.

Overall, it doesn’t pay to pay ransoms, as it only fuels the multi-billion-dollar ransomware economy. You simply can’t pay your way out of ransomware. But in life and death situations or because a company may have exhausted all other options, payment might be the best option at that moment. It is important to keep in mind that payment doesn’t guarantee a return to business as usual for most organisations. Recoveries can take months and costs will be a lot more than the ransom payment itself.

Proper cybersecurity measures are critical to mitigating operational risks in any modern data-driven organisation. Also, enterprises are capable of fighting back and taking control of their networks, forcing ransomware gangs to move onto softer targets. Kudos to Change and their team of highly qualified professionals for their work in reducing business disruptions in what has become a multi-layered attack.

Companies today need to have an assumed breach mindset as it will help them recover much faster from compromise. I encourage organisations to prepare now for inevitable cyberattacks because peacetime planning enables organisations to assess which systems are most critical to their business and gives them a chance to lock them down. Also, by preparing in peacetime, organisations can reduce their most glaring vulnerabilities and make their infrastructure sufficiently difficult to compromise that hackers may look for softer targets. Companies should also monitor for unauthorised changes occurring in their Active Directory environment, which threat actors use in most attacks, and have real time visibility to changes to privileged accounts and groups.”