Kayla Thraikill reports:
On June 14, 2017 an unknown ransomware variant infected the Waverly Health Center, a hospital located in Waverly, Iowa. Fortunately, the facility encrypts all of their patient data. Therefore, the hackers were unable to obtain any of the patient’s personal information. Although, the hackers were able to infect the systems, causing the medical facility to shut down their IT systems for a period of time until the infection was under control.
Read more on TechTalk.
So should this incident be included in our June statistics? I know there are those who want all ransomware reported and included on HHS’s breach tool, but the purpose of the breach tool – and Protenus’s monthly “breach barometer” – is to reflect privacy/data security incidents. Was there any privacy or data security compromise here? No, because the data were encrypted.
Include or not? I’m thinking “not,” but I’m open to listen to arguments.