Exploit: Ransomware
Company: Toronto Hospital for Sick Children (SickKids Hospital) 
Industry: Healthcare
Source: https://www.cbc.ca/news/canada/toronto/sickkids-cyber-security-breach-1.6691980

On Sunday evening, Toronto's Hospital for Sick Children (SickKids) experienced a ransomware attack that impacted a few of its internal clinical and corporate systems, as well as some of its phone lines and web pages. The hospital has confirmed that the attack is ongoing and that patient care will continue as normal, with no evidence that any personal health information has been compromised.

Despite the attack, the hospital has experienced delays in retrieving lab and imaging results, which may cause longer wait times for patients and families. Additionally, people may experience difficulties calling into the hospital or accessing its health education web page and its careers portal.

It is not uncommon for hospitals and healthcare organizations to be targeted by cyber criminals, as they often hold sensitive and valuable information. In fact, according to a report by the Cybersecurity Ventures, it is estimated that ransomware attacks on healthcare organizations will cost $11.5 billion annually by 2026.

However, in the case of SickKids, the hospital's ICU was saved from near collapse due to the quick actions of the hospital's IT department and emergency response team. The hospital called a "system failure" code on Sunday at 9:30 PM and immediately enacted its emergency response plan. This included shutting down affected systems and isolating them from the rest of the network to prevent the malware from spreading.

This incident serves as a reminder of the importance of having a robust cybersecurity plan in place, especially for organizations in the healthcare industry. In addition to having an emergency response plan, it is also important to regularly update software and systems, provide cybersecurity training to employees, and work with third-party experts and law enforcement to resolve any incidents.

Inside SickKids, the emergency department has been preparing for a new surge, with the hospital working closely with third-party experts and law enforcement to resolve the incident. The hospital has also been in contact with its patients and families to ensure they are aware of the situation and to provide updates on the status of the investigation.

While the ransomware attack on SickKids has caused some inconvenience and delays, it is a reminder of the importance of having a robust cybersecurity plan in place. The hospital's quick actions and response plan helped to minimize the impact of the attack and ensure that patient care remained unaffected. The hospital will continue to work closely with third-party experts and law enforcement to resolve the incident and protect patient's personal health information.

As the incident at SickKids highlights, it is crucial for organizations to have a robust cybersecurity plan in place to prevent and respond to ransomware attacks. To help organizations protect themselves from these types of threats, we have put together some resources that may be of assistance.

First, we have a free ransomware prevention guide that provides IT professionals with actionable steps they can take to prevent ransomware attacks from happening in the first place. This guide covers topics such as software updates, employee education, and incident response planning. You can access this guide here: https://lp.enterprotect.com/ransomware-preventions-for-it-pros

In the event that an attack does occur, it is important to have an incident response plan in place. That's why we've created a free ransomware incident response playbook that provides organizations with a step-by-step guide for responding to a ransomware attack. This playbook covers topics such as assessing the scope of the attack, restoring systems, and communicating with stakeholders. You can access this playbook here: https://lp.enterprotect.com/ransomware-incident-response-playbook

Finally, for organizations looking for a comprehensive solution, the Enterprotect 360 platform includes built-in ransomware protection. This feature uses advanced algorithms and threat intelligence to detect and block ransomware attacks in real-time, helping to keep your organization's data and systems safe. You can learn more about the ransomware protection feature of the Enterprotect 360 platform here: https://www.enterprotect.com/360/ransomware-protection

By utilizing these resources and implementing best practices, organizations can better protect themselves against ransomware attacks and minimize the impact of any incidents that do occur.