PL Risk Blog

High Profile Hacks Reveal the Extent of Cyber Damage

Written by Drew Smith | Oct 5, 2020 4:19:32 PM

In the last week, two high profile hacks highlighted the damage that a cyber hack can do to a business that can harm thousands of people not even connected to the business. It also highlights how valuable by extension many of these hacks are.

Arthur J. Gallagher, one of the largest US Insurance brokerages, reported to the Securities and Exchange Commission (SEC) that their entire network was compromised on September 27th and as a precaution, they shut down their entire global network. Five days out they are still at a limited capacity, with their login pages still aren’t letting users through into their site and many systems related to claims remain down. They have not identified the type of ransomware used in this particular attack, but to this much internal damage implies it was a big job.

In the case of Universal Health Systems however, not only was the virus identified but it also impacted many people directly. In their case, the root of the breach was the Ryuk Ransomware. Ryuk can bypass antivirus once it launches and it can spread very easily, reminiscent of the Wannacry virus in 2018. In the UHS’ case, their network of over 400 hospitals were compromised and shut down. This forced many cancellations, rerouting of patients and locking of laboratory data these hospitals had. To quote one employee, "We have no access to anything computer based including old labs, EKGs, or radiology studies. We have no access to our PACS radiology system. No patients died tonight in our ED (Emergency Department) but I can surely see how this could happen in large centers due to delay in patient care."[1]

These high-profile hacks show that the biggest companies are just as vulnerable as the small 10 employee businesses. To mitigate the costs associated with the inevitable breach, consult your provider about what to include in a cyber insurance policy. Cyber insurance covers costs such as recovery, forensics and any reporting that you must do as many states require notification within a certain amount of time. Do your research about what is right for you.

[1] https://www.fiercehealthcare.com/tech/uhs-hit-massive-cyber-attack-as-hospitals-divert-surgeries-ambulances