No one is saying whether Atlantic General Hospital’s recovery from a ransomware attack two weeks ago came about because it paid the ransom or because it restored its computer services on its own with the help of outside experts.
The public should assume the latter, considering how long the hospital’s computer network was locked and the FBI’s advice against paying ransoms. It’s also a safe bet that AGH’s and other IT people spent those two weeks instituting workarounds, recapturing control and restoring data, as the AGH administration and board of trustees elected not to respond to attackers’ demands. If that’s so, good for them.
As the FBI asserts, the best way to discourage these ransomware ambushes is to make them financially pointless.
This doesn’t mean that AGH and the hundreds of other victims of ransomware got through this crisis at no cost. Restoring computer systems can be extremely expensive because of the level of expertise computer rescue specialists must have and the round-the-clock effort to produce the desired result.
AGH officials aren’t saying how much recovering from this incident cost, but among the first to know should be the hospital’s insurers, who could end up paying some or all of the bill. That’s one of the reasons AGH’s communications with the public were so cautious. Guidance from communications professionals advise against saying too much during ransomware incursions for fear that use of the wrong word could affect how an insurance claim is viewed.
Whether that’s right or wrong is beside the point — that’s just the way it is and why the FBI and other experts tell victims to have a good script and stick to it. In that regard, AGH did exactly what it needed to do.
Still, if hospital officials stood up to these cyberbullies and rejected their demands, they should say so … and say it proudly. In addition to the computer damage it causes, a ransomware strike can also harm an institution’s reputation. That may not be fair, but just saying no to criminals and succeeding is one of the best ways to burnish an image.