It’s been more than a week since Scripps Health was impacted by a cyberattack and many are wondering when the healthcare system will be back online. The California Department of Public Health has described the cyberattack as ransomware, but Scripps won't say how they plan to resolve it.
Without knowing the depth of the Scripps or Colonial Pipeline cyberattacks, NBC 7 wanted to know how organizations can bounce back.
We reached out to computer forensics expert, Kevin Cohen. He’s the owner of Data Triage Technologies – a Los Angeles-based company that services San Diego.
“Once the system is encrypted, it’s almost impossible to get those systems back,” Cohen said. “One, either pay the ransomware or two, not pay it.”
Cohen said taking the network offline helps organizations figure out if there are still remnants of the hack inside the system – a move Scripps said they performed after the breach.
Cohen said preparation beforehand is key because companies that don’t have security protocols on their network or virus protection can become easy targets. He recommends having virus scanning software, firewalls, intrusion prevention and detection.
He said it is important for organizations to have offline backup systems.
“If you have a backup that’s attached to your network, that could be infected,” Cohen said. “So, you want backups that are offline as opposed to online backups.”
Without viable backups, most are forced to pay and hope the hacker will release their data.
“Even if they do pay the ransom, the individuals have already gotten access to the computers and you don’t know if they’re gonna come back a month later, so you have to eradicate what’s been done to those systems,” Cohen said.
If you’re hacked, Cohen said rebuilding the system from scratch can prevent hackers from hiding in your system.
The FBI has historically discouraged, but not prohibited ransomware victims from paying hackers because payment isn’t guaranteed to work and can encourage criminals to continue attacking others.
Earlier this week, the White House Deputy National Security Adviser for Cyber and Emerging Technologies, acknowledged that some organizations might find paying the criminals off can be in their best interest.
“For some companies, $5 million isn’t that much money, for me that would be quite a bit,” Cohen said.
Either way, the true cost of ransomware hurts not only organizations but the people who rely on them for services or in Scripps’ case, live saving care.