Paying ransom is typically the only way for healthcare organizations to retrieve their data or restore their systems after a ransomware attack, ransomware negotiators told Politico.
"The data they stole is so highly sensitive and confidential that you're willing to pay the ransom in hope that they'll give it back and not destroy it or publish it," Scott Bailey, a partner at cybersecurity firm N1 Discovery who has negotiated ransoms for health systems in Michigan, told the news outlet.
As healthcare is increasingly targeted by ransomware groups because of the industry's importance and the value of its data, health systems that are hacked must decide whether or not to pay ransom. UnitedHealth Group, for instance, paid $22 million to hackers after the February cyberattack on claims processing subsidiary Change Healthcare (though it is unclear whether that helped secure the company's stolen patient data).
Victims often hire ransomware negotiators who help determine how much data was exfiltrated and what it will cost to get it back, according to the May 17 story.
"Even the organizations that have great backup strategies end up having to pay because the restoration process would take so much time," ransomware negotiator Kurtis Minder, of cybersecurity company GroupSense, told Politico. "It is so complicated, and when you're talking about patient well-being, that puts an additional pressure on it. They can't wait to see if their backup strategy is going to work."
Ascension, a 140-hospital system based in St. Louis, took its IT network offline May 8 following a ransomware attack. The health system, however, has not confirmed whether it is negotiating with the hackers or plans to pay.