Erie County Medical Center has made it official that it has spent $10 million to recover from a cyber attack. The hospital authorities disclose that half of the amount was spent on purchasing new computer hardware, software, and assistance needed to respond to the cyber attack. And the other half represents the incurred additional expenses, such as staffs over time pay and lower revenues from business loss during the system’s downtime.
As per the details available to Cybersecurity Insiders, the hospital’s computer systems were attached with ransomware in April this year. And the hackers demanded a ransom of $30,000 in order to free up the encrypted systems from malware.
After thinking much on the issue, the IT staff of the ECMC collectively decided to replace the systems instead of bowing down to the demands of the hackers.
Some sources reporting to us said that the attack took down almost 6,000 machines and forced the medical center to go back to paper work and face to face messaging. When the hackers demanded 24 bitcoins as ransom, the medical center chose to go the other way, as there was no guaranty that the hackers will keep their word and will decrypt the database as promised.
Going forward, the medical center officials also anticipate an ongoing additional investment of $250,000 to $400,000 a month in this year. The investment will be made to upgrade the technology and to educate employees to harden the hospital’s computer systems defenses in order to reduce cyber attack risks in future.
The best part in this whole cyber attack story is that ECMC was covered by a cyber insurance ranging from $2 million to $10 million.
Perhaps, the hospital is confident to recover the ransomware related costs in its insurance claim by this year end.
Note– ECMC is a 602-bed hospital attached to a facility of 390-bed nursing home. From a business point of view, ECMC is doing great as it closed the year 2016 with a $2.1 million operating surplus on $593 million operating revenue.
