The SamSam ransomware attack accessed Hancock Health’s computers through an outside vendor’s account on Thursday. It quickly infected the system by locking out data and changing the names of more than 1,400 files to “I’m sorry.”

The virus demanded four bitcoins in exchange for unlocking the data, which included patient medical records and company emails. The hospital paid the amount, about $50,000 at the time, early Saturday morning, said Rob Matt, senior vice president and chief strategy officer.

“It wasn’t an easy decision,” Matt said. “When you weigh the cost of delivering high-quality care … versus not paying and bearing the consequences of a new system.”

The data started unlocking soon after the money was transferred, Matt said.

Paying was a pure business decision.

“The amount of the ransom was reasonable in respect to the cost of continuing down time and not being able to care for patients,” Matt said.

The health system said patient data was not compromised. Life support and other critical hospital services were not affected, and patient safety was never at risk, Hancock Health said in a news release.

Ransomware is a growing digital extortion technique that affected tens of thousands of Americans in 2016, USA Today reported.

Criminals use various phishing methods through emails or bogus links to infect victims with malicious software.

The virus infects the computer network by encrypting files or locking down the entire system. Victims log on and receive a message telling them the files have been hijacked and to get the files back they will have to pay.

“Generally, these attacks are aimed at large institutions that have lots of money, who typically don’t have a very good cyberdefense infrastructure,” said Paul Talaga, an assistant professor at the University of Indianapolis’ R.B. Annis School of Engineering.

Hospitals are a frequent target of these attacks. In May, the WannaCry ransomware virus affected more than 200,000 victims in 150 countries, including more than 20 percent of hospitals in the United Kingdom. That attack was later traced to North Korea.

Talaga said the Hancock Health case is unique in that the hospital actually paid the ransom. The hackers got exactly what they wanted.

“Of course, the people doing the ransom can kind of say whatever they want and set the bar really at whatever they want, he said. “They’re going to aim the price just low enough that they would decide to pay it.”

Paying such ransoms further encourages hackers, he said.

“It’s disconcerting that the hospital decided to do that,” he said, “because now the attackers are motivated to continue to attack.”

Hancock Health said it worked with the FBI and hired an Indianapolis cybersecurity expert for advice on how to respond to the attack.

The systems were back Monday after paying the ransom.

“We were in a very precarious situation at the time of the attack,” Hancock Health Chief Executive Officer Steve Long said in a statement.

“With the ice and snowstorm at hand, coupled with the one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible.”

Hospital officials could have retrieved back-up files, but Long said they feared restoring the hijacked data would take too long.

“We made the deliberate decision,” Long said, “to pay the ransom to expedite our return to full operations.”

–

Source: indystar.com

The post Hospital pays $50,000 as hackers hold patients’ data ransom appeared first on Citi 97.3 FM - Relevant Radio. Always.

Though it has about 60% of the world’s uncultivated arable land, Africa’s net food import is predicted to grow from $39bn in 2016 to over $110bn by 2025.

Food production is desperately low due in part to the region’s poorly developed climate and weather alert systems to help farmers plan for crop seasons.

In the horn of Africa, farmers in Somalia are grappling with droughts and poor rainy seasons. This has affected food production, making more than 5 million Somalis food insecure.

In West Africa, cocoa farmers in Cote d’Ivoire live in fear because heavy downpour during the rainy season will cause flooding of their farms – a major threat to their livelihoods and the country’s main revenue source.

The ordinary farmers in Somalia are unaware the duration and intensity of drought seasons.

Cocoa farmers in Cote d’Ivoire are also poorly informed of the intensity of rains and how they can mitigate the risks to improve cocoa production.

There is a lack of real time access to reliable and usable weather data across Africa. The information is often not available or, even if it exists, is inaccessible, of poor quality or unknown to those that need it most.

Farmers do not to obtain efficient information on drought forecasts, rainfall distribution, and pest outbreak. These induce low agricultural production and food insecurity.

The National Meteorological and Hydrological Services (NMHS), mandated to collect and serve weather and climate data at the country level, operate well below capacity in several African countries.

In Africa, about 80% of NMHS are unable to adequately provide this information and related early warnings. Few African countries have the minimum number of operational meteorological stations to adequately make available ground observation data.

The World Metrological Organization (WMO) estimates that, in Africa alone, there is a need for an additional 4,000–5,000 basic meteorological observations.

The World Bank estimates that about US$1 billion is required to modernize the African meteorological services.

Governments alone do not have the capacity and expertise to provide complete solutions, particularly on investment.

They will require broader partnerships with the private sector in the agriculture, insurance and telecommunication sectors. These partnerships are necessary for the collection and the delivery of data and for critical services such as risk analysis, commodity availability and prices, index insurance parameters, as well as secure payment schemes.

There are good examples of innovative solutions being deployed already. ECONET, a local mobile phone operator in Zimbabwe, has recently started a large scale weather-indexed insurance for farmers in Zimbabwe.

There is the need for strong political support and voices to boost smart systems through partnerships between national authorities, technical agencies, NGOs and the private sector.
African governments must expand financial investments by at least 20% to modernize their National Meteorological and Hydrological Services.

They must forge strong partnerships with private companies and businesses to scale up and deliver ground observation data both at the national and local levels.

These partnerships could offer related services which are important to end-users such as payment schemes, risk analysis, commodity prices and availability and index insurance parameters.

There should be a global approach – led by African governments – that brings together scattered and fragmented climate data interventions and investments.

This will help move from the many pilot projects to full-scale projects.

Timely and appropriate climate and weather information plays a critical role in development, helping to better manage climate risks and maximise opportunities.

This is particularly the case for Africa’s agriculture.

–

By: Stephen Yeboah

Writer is a PhD student, Swiss Graduate School of Public Administration, University of Lausanne, Switzerland.
email: [email protected].

The post Reliable climate, weather data key to Africa’s agric transformation [Article] appeared first on Citi 97.3 FM - Relevant Radio. Always.

Alex Stamos, Chief Security Officer (CSO) at Facebook, speaking at Web Summit last week, told a quick story to show what his company was up against when it came to security.

“The family car was not designed to be driven into a wall at 100 kilometers an hour. We call that user error,” he joked. Car companies try to take reasonable safety scenarios into account when building cars, and then attempt to make them as safe as possible based on the information they have.

Facebook, he said, doesn’t have that luxury. For example, Stamos said that he was in Nigeria recently and he met with young people, many of whom were using a $50 Android smartphone as their device of choice. The trouble with the phone, which was one these young people liked and could afford, was that it ran an older, much less secure version of Android — one which they weren’t likely to update.

He can’t force people to upgrade their devices, so they have to accept the fact that these users are coming onto Facebook with devices, which very likely have malware running on them.

“If we are going to connect the world, we also need to connect the world safely. In situations where it’s negative, we still look at it with open eyes and do everything we can to mitigate it,” he explained.

He went on to differentiate between safety and security. You can develop your code as a company in a secure way, meaning you try to fill security holes and make it as difficult as possible for hackers to compromise the software. He says that every company should be duty-bound to prevent these types of weaknesses to the extent possible.

Keeping your users safe is another matter. It’s about setting up systems in such a way that you have safety built into the structure of the service, regardless of how much or how little the end user is willing to participate in those safety mechanisms.

He says, the company actually monitors black market password databases, looking for password matches against its user base, and warning people when they find compromised ones.

Facebook knows it can’t possibly control every variable, or even impose reasonable safety measures onto its users, so it uses as many creative ways as it can consider to keep as much of its user base safe as is within the company’s control.

Stamos says the company has built a safety-oriented culture that enables the company to iterate quickly on changing safety and security issues, regardless of user behavior.

“It is still our responsibility to protect the people who choose not to use [advanced safety features the company has built],” Stamos explained. In other words, they are going to make every effort to try and keep you safe whether you participate or not.

–

Source: TechCrunch

The post Facebook wants to make you secure appeared first on Citi 97.3 FM - Relevant Radio. Always.