The Ottawa Hospital has revealed that some of its computers were recently targeted in a ransomware attack.
The hospital released a statement on Saturday stating that bad actors infected four of its 9,800 computers with ransomware after someone clicked on a suspicious link, reports SCMagazine.com. This type of malware locks down a computer, encrypts its files, and demands the victim pay a fee in exchange for the decryption key.
As the case of the Ottawa Hospital demonstrates, ransomware does not just target ordinary users, either.
Locky made headlines earlier this year when it compromised the computer system of the Hollywood Presbyterian Medical Center in southern California and prevented staff from accessing patients' medical data. The hospital ultimately decided to pay $17,000 for the restoration of their system.
It is unclear what strain of ransomware is responsible for the attack against the Ottawa Hospital. A spokesperson for the hospital has pointed out, however, that the malware had very little impact on the hospital's operations and data security.
"No patient information was affected. The malware locked down the files and the hospital responded by wiping the drives," said Kate Eggins, a spokeswoman for the hospital, as quoted by National Post. "We are confident we have appropriate safeguards in place to protect patient information and continue to look for ways to increase security. We would like to reiterate that no patient information was obtained through the attempt."
Eggins has not confirmed the presence of a ransom note in the attack. Instead, she stated the hospital teams restored its system via the use of data backups, writes the Ottawa Citizen.
This incident highlights the importance of regularly backing up critical data, not to mention how someone's unsafe practices online can ripple across an entire business. It is important that organizations therefore invest in security awareness training programs and implement software that can track employees progress as they learn about security best practices and corporate policies.