Rising Menace: Ransomware Affecting Healthcare and Education
Educational and healthcare sectors are grappling with the rising threat of ransomware, with leaders of these institutions now considering this threat as equally formidable as other major crises. The repercussions of these attacks are long-lasting, forcing victims into dilemmas of choosing between paying the ransom or undertaking strenuous recovery processes. This scenario is now extending its influence to the Department of Education schools in Australia and New Zealand, where the educational systems are left to decide their mode of action amid such breaches.
Twenty-Eight Days Without Electronic Medical Records
In a Wednesday congressional panel discussion, witnesses shared their first-hand experiences of the aftermaths of ransomware attacks. Stephen Leffler, the President and COO of the University of Vermont Medical Center, testified, stating, "The cyberattack was much harder than the pandemic by far," reflecting on his three-decade-long career in emergency medicine.
Lacey Gosch, Assistant Superintendent of Technology at Judson Independent School District, and Grant Schneider, Venable Senior Director of Cybersecurity Services, also provided insights during the testimony. Schneider highlighted the devastating effects of ransomware on operational, economic, and reputational fronts, leading to difficult choices for the victims between paying ransoms or laboriously restoring their services independently.
University of Vermont Medical Center: A Case Study in Resilience
When the University of Vermont Medical Center faced a ransomware attack in October 2020, immediate actions were taken to mitigate the data breach, leading to the shutdown of the electronic medical records system.
The restoration involved intensive efforts from the IT staff and external support. Leffler emphasised the need for affordable cybersecurity products and services, as well as federal grants to aid medical facilities in meeting cybersecurity standards.
Meanwhile, in the educational sector, Judson Independent School District paid a substantial ransom, yet the recovery was arduous and prolonged. Gosch described the state of technology in many school districts as outdated and vulnerable, with costs associated with ransomware attacks extending beyond data loss to encompass wide-ranging recovery, security, and health impacts.
The district invested over $5 million in technological upgrades and emphasised the crucial need for increased funding, federal support, and cybersecurity standards for educational institutions. The lacunae in formal cyber recovery and mitigation programs for schools were evident, with Gosch advocating for federally-backed discount programs and regulations to safeguard student data.
Going forward, Leffler wants to see ways for medical centres to more cheaply purchase cybersecurity products and services and keep those technologies current and upgraded. Leffler would also like to see federal officials make grants available to bring medical facilities up to accepted cybersecurity standards as well as money for strong backups so that fewer organizations have to pay ransom after an incident (see: Bill for Rural Hospital Cyber Skills Passes Senate Committee).
Learning and Adapting from Global Experiences
This global problem of ransomware is echoing in Department of Education schools in Australia and New Zealand, compelling leaders in education and healthcare to seek proactive and preventive measures. The experiences shared in the congressional panel underscore the urgency of establishing robust cybersecurity frameworks, upgrading antiquated systems, and allocating resources to defend against the multiplying threat of ransomware.
