If your organization is the unfortunate victim of a phishing attack that leads to ransomware, you have a very important decision to make. Should you pay the ransom or not? The answer depends in large part on how much the ransom is. Hackers are smart not to ask for so much ransom that not paying it seems like the best alternative.
If you choose to pay the ransom, you may or may not get your data and systems back. That’s why many victims choose not to pay the hackers and instead pay experts to try and retrieve their data and restore their systems. Either way, if you get hit with a ransomware attack, it’s going to cost you a bundle. The scary thing is, the ransom (or restoring the systems) may not be the most expensive part of the phishing attack. That’s especially true if the attack leads to a data breach of sensitive information, like medical data.
Case in point from the HIPAA Journal, “Aveanna Healthcare is facing a class action lawsuit over a data breach that occurred in the summer of 2019. Affecting 166,000 patients, it is one of the largest healthcare data breaches to be reported this year. Aveanna Healthcare provides healthcare services to adults and children in 23 states and is the largest provider of pediatric home care in the United States.”
What was the cause of data breach? “In the summer of 2019, several email accounts were compromised in a phishing attack. The investigation revealed the first email account was breached on July 9, 2019, giving the attackers access to protected health information for more than 6 weeks.”
What data was accessed? Only everything. “Emails in the compromised accounts contained patient information such as names, health information, financial information, passport numbers, driver’s license numbers, Social Security numbers, and other sensitive data.”
I’m not sure what the cost of the ransom would have been in this case, because none was ever sought. But I feel certain it would have been less than the cost of the class action lawsuit. In this case, it would have been better financially for the healthcare company to pay a ransom. But, do you know what would have saved even more money? Not having those several email accounts compromised by a phishing attack. In other words, keeping those employees safe from phishing emails in the first place.
Do you know what it costs to protect an employee from a phishing attack with Phishing Protection from DuoCircle? About 30 cents a month. In this case, an ounce of prevention would have been worth a ton of cure.
Phishing Protection is cloud-based email security, so it requires no hardware, no software and sets up in 10 minutes. Do you think the folks at Aveanna Healthcare would like to be able to go back in time for 10 minutes?
If your company is in charge of safeguarding personal information—or even if it’s not—there is no reason to put your company and your data at risk when the prevention is so quick, easy and affordable. Try Phishing Protection for free for 60 days.