Article content continued

The hospital is probably one of many organizations running old versions of Joomla, because, Segura explained, updating Joomla can be a challenge. “The current version is a different branch, and it can be tricky to migrate to new versions,” he said. “So we see a lot of sites that don’t update because they don’t have the resources, or are afraid it will break the site.” In addition, many sites are developed by third parties, and never touched again.

Much of the healthcare industry in particular is not well prepared for attacks, Segura said.

“Their infrastructure is weak and out of date,” he said. “Their big problem is with budget.”

In spending difficult to obtain dollars, he said he gets the feeling that IT and infrastructure isn’t a high priority. “They have no specific budget for infrastructure,” he noted. “That leaves them exposed to these attacks, which will be more prevalent.” He worries that data breaches will follow, as patient data is a valuable commodity to criminal elements.

In a blog post in which he also describes the Norfolk General attack in detail, he listed the top ten cities affected, with the top five being Toronto, Ottawa, Montreal, Markham, Ont. and Calgary.

“A lot of different criminal groups are jumping on ransomware,” he said, noting that much of it originates in Eastern Europe. Although he’s seeing many variants, at the core, they’re roughly the same – they ask for a similar amount (about $500) in Bitcoins, and most attacks have been by automated systems that scan for vulnerable targets. However, he sees the potential for attacks targeting specific organizations or individuals.

By going public about the Norfolk General hack, Segura hopes to raise awareness among organizations that keeping their systems up to date is the best way to fend off attacks.

“Most infections are on older, unpatched systems,” he said. “They’re an invitation to become infected.”

With a file from Vito Pilieci, Postmedia News