10 Aug A Case in Point: The High Cost of Cybercrime by the Numbers
Last Wednesday, Oli Thordarson, CEO of Alvaka Networks – and ABL Organization Member for nearly 26 years, headed an all-star cast of cyber-defenders who presented “Defending Yourself and Your Company from Cyberattacks.” As Bob Rose, President of MedWand Solutions, enthused afterwards, it was “One of the best sessions EVER. The panel and the content were AMAZING!”
Among the reasons the session was so enthusiastically embraced was its timeliness. For example, Oli kicked-off the session by sharing a financial analysis of the probable cost of a massive hack of the University of Florida Health’s Central Florida’s system, that was reported in Becker’s Health IT on August 2nd, entitled, After nearly 1 month of EHR downtime, UF Health says patient data was compromised during IT attack.
Talk about taking a hit when you’re already down: after being hacked and basically shuttered by ransomware black hats in late May, UF Health’s computer network was compromised so that the names, Social Security numbers, addresses, birth dates, health insurance, and treatment details became available to cyber thieves to extort. Since the government requires that patients be notified and offered ID theft protection when personal information could have been exposed, costs to inform and offer breach coverage were on top of having to resort to paper documentation while the EHR and other IT systems were down for nearly a month.
As Oli explained to his ABL audience: “Alvaka has this calculator we created to estimate the cost of a ransomware breach.”
He continues, “I looked up UF Central Florida revenue, which was at $1.6B in 2019 [the year before it was acquired by University of Florida Health]. I estimated 6,000 employees at $250k/year revenue each. That would put their IT staff at around 60-plus employees. They probably have 600ish servers. I estimated half their servers got hit. I presume they had a $10M ransom.”
“Notice our calculator estimates they should have been fully down 6 days, and 12 days for most operations to return. We know from the article it took them 30 days. I don’t think they had the right team helping them,” Oli concluded.
Oli included the chart below as an example, created using Alvaka’s Ransomware Recovery Cost Calculator.
A number of the ABL attendees resonated with Bob Rose’s takeaway from the panel’s presentations: “This is the one issue that keeps me up not just at night but all day, too, and now I’m even more scared, but I’m also even more motivated to take the advice and guidance of today’s presenters and do everything we can to proactively protect our company and our customers.” And, as Dave Brown, CEO of CHEQS, concluded: “I didn’t expect to find it so captivating — but it’s so current and real. Definitely amping up my use of TFA [Two Factor Authentication]!”
By Mimi Grant, President, Adaptive Business Leaders (ABL) Organization – Round Tables and Events for CEOs of Healthcare and Technology Companies