ECMC Cyber Attack — the Beginning of Cyber Terrorism

ECMC stands for Erie County Medical Center. This is a medical facility in Atlanta and is famous for its exceptional healthcare services and especially for its trauma center. However, a fine Sunday Morning, in April 2017, it came under a cyber attack.

The computer screens turned white and a single message in bright red fonts appeared. It said:

What happened to your files?

After that, the ransom demands started appearing in shocking pink font. They were asking for 1.7 BitCoins for every PC that was affected OR 24 BitCoins in order to receive Private Keys for ALL affected PCs. The hospital files were encrypted and the hackers were asking for $44,000 to give access to the key that could unlock them.

By the time it was 3:30 A.M, the medical facility had decided to shut down its systems and were trying their best to assess the damage that was done. This led them to go low-tech.

It took them 6 stressful weeks of working to reconstruct the data and system, and it was only after this, that their normal operation was resumed. While their officials confirmed that no data of any patient was compromised, the shocking situation had its consequences nevertheless. The world saw a series of cyber attacks in the wake of this event. This includes the global ransomware extortion as well, that left a number of computers disabled this month.

To pay or not to pay!

The experts believe that this is what cyber terrorism looks like when the data of important infrastructure is being targeted. While their networking system was going dark, they had to make an important decision —to pay or not to pay the ransom.

By 5:30 A.M, the management had called a meeting and a cyber security consultant from Troy was summoned too. The decision was a hard one to make and initially, they were leaning towards accepting the demands of the hackers but there were a number of concerns raised at this decision.

First of all, there was no guarantee that the hackers would keep their word once the money was transferred to them. Secondly, there was no way to tell that the material would not be tampered with. Finally, there was the issue of integrity. If they accepted the demands of the blackmailers, it would have meant encouraging them. This was the biggest reason they decided not to accept the unjust demands of the hackers.

Once the management had passed their final verdict on the situation, it was 9:30 A.M. They decided to exert their efforts in recovering the data, which they eventually succeeded in doing, using their backup system and HEALTHeLINK software.

This is the biggest case in the history of cyber attacks. While it was a crime, what makes it even more wrong was that it was also ethically and morally incorrect. This cyber attack on the data of ECMC cost the medical facility a whooping amount of $10 million for recovery of the data.