Ron Southwick has a thoughtful piece on the complexities of deciding whether or not to pay ransom when a healthcare entity is the victim of a cyberattack. As the experts he quotes note, most of them and law enforcement prefer that victims not pay, yet sometimes entities decide they need to.
But what are they paying it for? Are they paying it to get a decryption key to unlock data or services because they have no usable backup and patient care will be compromised? Are they paying it to get an actual copy of the data that was exfiltrated? Are they using it to get the threat actor to pinky swear that they will delete all data and not sell it or leak it? Patients do not want their sensitive data posted or sold, but is that a good enough reason or justification to pay ransom, when the payment will likely only encourage the threat actors to attack more victims?
And if you’re thinking about paying, who are you making the payment to? Are you paying someone who is on a sanctions list? Are you paying threat actors who work for governments hostile to the U.S. and who will use the funds to develop weapons to use against us?
Read Southwick’s article at Chief HealthCare Executive.