Cybercrime and a Network Bridge Too Far

Blog /Cybercrime-a-Network-Bridge-Too-Far

Usually I’ll write a clever opening line before I get down to the points I’d like to make. I’m afraid that this topic is too serious to joke about.

In a recent post, I argued that in the digital world, security (among other topics) was becoming paramount. Then came the news this week that Hollywood Presbyterian Medical Center had agreed to pay hackers 40 bitcoins (roughly $17,000) to get their hijacked network back. Hackers had apparently encrypted parts of HPMC’s network (and/or data), and the hospital decided it would be “the most efficient way to solve the problem” according to the news story, which also said the FBI is investigating.

There are several problems I want to discuss about this situation. First, paying hackers only encourages them to repeat their act. It’s a fundamental reason that many nations refuse to pay ransom for hostages. You might get one person back, but seven more could be kidnapped within the next few months. I do not believe that this is the right path. However, I don’t have information about what HPMC considered to be at risk, which could include money, data integrity, privacy, or patients’ lives. It wouldn’t be right to second-guess the hospital without more information.

But I can address the second problem. When hackers go after a company that makes shoes, or a political website, or a social media site to express their displeasure, that’s one thing. I don’t agree with it (it’s illegal and something only a basement-dweller would do), but it’s not jeopardizing lives.

When someone goes after an institution that deals with life and death issues and needs access to patient records, doctor’s contact information, and whatever else is necessary to care for patients—that’s not only despicable, but calls for the FBI to prioritize this case.

When they find the guilty parties, I hope they prosecute them to the utter limits of the law. I also call on Congress to put much stiffer penalties in place for dealing with cybercrimes that affect infrastructure (power, water, communications), critical services (hospitals, police, fire departments), and defense. In the past, this kind of activity has been the source of chuckles and winks in some quarters. It’s not funny anymore. It’s deadly serious.

Post Date: 2/19/2016

Brad Rucker - NTT DATA Brad Rucker

About the author

In 1981, Mr. Rucker spent his entire monthly salary on a TRS-80 Color Computer, taught himself to code and never looked back. Since then he has been a programmer, DBA, system designer, project manager, CIO, CTO and COO. Currently he serves as SVP of the Digital Applications & Information Management Practices at NTT DATA Services.