In society, hospitals can be seen as one of the most sacred places. In a hospital, we come together to care for the sick and hurt in our communities. Hospitals require a massive amount of trust. Not just the trust between a doctor and their patients, but the trust in the tools and methodology of the hospital in question. During the treatment process, a massive amount of incredibly personal and sensitive data is pulled from patients. Everything from hyper-specific ailments to credit card and insurance information ends up on a hospital server somewhere after taking a step through their doors. This means that our healthcare system is responsible for our well-being in more ways than one, and it places them in a uniquely perilous position when it comes to cybersecurity.
Boardman Ohio and Small Town Medical Centers
In June 2019, a medical practice with an office in Boardman Ohio called N.E.O. Urology Associates fell victim to an incredibly costly ransomware attack. The hack was more or less a standard ransomware attack. The hackers found their way into the urology practice’s local systems, figured out where all of their data was stored, and hijacked it by totally re-encrypting everything they could get their hands on. Encryption is a powerful cybersecurity tool. Many security systems will employ, but that power is devastating when employed against others.
The hack took this small practice by surprise. It seemed to have cropped up as quickly as they noticed it. The speed of the hack and the practice’s lack of preparation cost them dearly. Not just in trust or inconvenience, but in their wallets as well. They reacted as quickly as they possibly could have after being on the back foot and blindsided by the attack, but it still took approximately 48 hours to resume business as usual. Over the two days of disrupted business, N.E.O Urology reported an average loss of around $40,000 a day. Notably, this massive financial hit does not include the $75,000 ransom eventually paid out to the hackers.
It’s hard to believe that losing over $100,000 dollars in business and profit could be considered getting off easy, but N.E.O Urology was one of the lucky ones. Similar businesses that are running on razor-thin margins are often brought to their knees in the wake of similar attacks. For example, a pair of physicians in a Michigan-based medical had their documents seized and ransomed to the tune of $6,500. All of their appointments, patient information, and health records were encrypted out of their hands until they formally refused to negotiate with the hackers. The hackers responded by simply deleting every single one of their supporting documents. This $6,500 demand was enough to entirely undo their hard-won medical practice and deprived a community of their services.
We can see that ransomware attacks aren’t just some internet boogyman. When they take hold, they quickly become a robust form of financial control over our local institutions. As a community of people living and working online we need to understand the damage ransomware attacks can inflict on small businesses.
Why Is This Happening?
One of the cruelest ironies of our increasingly online world is our waning cybersecurity response. The convenience of easily-accessible digital tools and the internet’s proliferation into daily life has linked nearly every single aspect of work to the internet at every moment. However, this seamless integration into our lives has created a massive blindspot. We don’t look at our connection to the internet as a vulnerability the same way we do physical threats. We lock our file cabinets at night and put our tax documents in safes because we understand the damage that would be done were these documents to fall into the wrong hands. This same ethos needs to be spread to our cybersecurity plans.
Today, however, we stand at a security crossroad. Politically, culturally, and financially we find ourselves at an awkward standstill. Corporate interests are focused on generating a growing short-term profit for shareholders. This means that long-term investments in infrastructure that has no immediate benefit to an outside observer will find themselves on the cutting room floor in favor of methods that generate profits. Cybersecurity budgets tend to fall victim to this mindset, particularly with businesses that don’t see themselves as “operating online.” As we’ve seen with recent hospital hacks, businesses that operate in the physical realm still back themselves up with support from the digital world, and neglecting this reality will bring an operation to a screeching halt.
Legislation has also done an abysmal job keeping up with security threats. We have no problem legislating physical threats, but in recent years cybercrime has been met with significantly less pushback. The Colonial Pipeline hack, for example, was a high-profile hack that was felt firsthand by the American people. Gas stations all up and down the East Coast ran dry, weekend plans for visits to friends and family were stalled out by empty gas tanks, and employees missed work simply because their local fill station had no wares to provide. Eventually, the government caved to the hacker’s demands and the legislative branch responded in an anemic and reactionary fashion. To this day, digital protections of the American energy sector are held together in a patchwork of ill-suited organizations and loose regulations.
White House officials say they’re unable to move harder on regulation without specific authorization from Congress. American Congress is filled to the brim with rapidly aging representatives with a marked lack of technical knowledge. This current state of the legislative body of the United States leaves a distinct cybersecurity-shaped hole in leadership which has a direct impact on how cybersecurity is viewed by the layperson. If the government can scrape by with the bare minimum, what is to light a fire under the butts of the mom and pop business?
How Can AXEL Go Help?
AXEL Go is a file storage and sharing service that is designed to revolutionize the way we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-25 bit 6 encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.
 Finnegan, Joanne. 2022. . https://www.fiercehealthcare.com/practices/ohio-medical-practice-hacked-pays-75-000-ransom-news-report-says.
 Finnegan, Joanne. 2022. . https://www.fiercehealthcare.com/practices/physician-practice-roundup-michigan-practice-will-close-after-doctors-refuse-to-pay.
 Bergal, Jenni. 2022. “Ransomware Attacks on Hospitals Put Patients at Risk”. Pewtrusts.org. https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2022/05/18/ransomware-attacks-on-hospitals-put-patients-at-risk.
 Marks, Joseph. 2022. . https://www.washingtonpost.com/politics/2022/06/24/cybersecuritys-bad-its-getting-worse/.
. Ellen Nakashima and Lori Aratani 2022. . https://www.washingtonpost.com/business/2021/05/25/colonial-hack-pipeline-dhs-cybersecurity/.
 Magan, Veronica. 2022. . https://fiscalnote.com/blog/how-old-is-the-117th-congress.