Regular readers may recall the frustration I reported when calls to Uniontown Hospital to alert them to a security breach went unanswered. I’m not the only one who can’t get a response when a response might be in the entity’s best interests. Consider this report by security blogger Brian Krebs:
Organized hackers in Ukraine and Russia stole more than $1 million from a public hospital in Washington state earlier this month. The costly cyberheist was carried out with the help of nearly 100 different accomplices in the United States who were hired through work-at-home job scams run by a crime gang that has been fleecing businesses for the past five years.
Last Friday, The Wenatchatee World broke the news of the heist, which struck Chelan County Public Hospital No. 1, one of several hospitals managed by the Cascade Medical Center in Leavenworth, Wash. The publication said the attack occurred on Apr. 19, and moved an estimated $1.03 million out of the hospital’s payroll account into 96 different bank accounts, mostly at banks in the Midwest and East Coast.
On Wednesday of last week, I began alerting the hospital that it had apparently been breached. Neither the hospital nor the staff at Cascade Medical returned repeated calls. I reached out to the two entities because I’d spoken with two unwitting accomplices who were used in the scam, and who reported helping to launder more than $14,000 siphoned from the hospital’s accounts.
Read more on KrebsOnSecurity.
Maybe if insurers decline to cover losses if they find out that someone tried to warn the entity and the entity ignored or failed to respond to the attempted alerts, it would help?