Recent events have put a spotlight on a new element of payments security—terminals. For those readers who may not have been following the news, federal law enforcement (FBI) recently raided the Florida offices of PAX Technology, a leading, Chinese-based payment terminal provider. The raid was first reported by Krebs on Security. Based on the information we currently have, both the FBI and MI5 began investigating the firm after a major US payment processor started asking the vendor questions about network packets originating from PAX’s point-of-sale terminals. The vendor, it would appear, did not provide satisfactory answers which only increased suspicion and led the processor to report the situation to authorities.
Here we are. Talking about ransomware. Again. And the truth is, whether we are tired of talking about it or not, the current ransomware situation (especially for those in healthcare) is only getting worse as this year goes on. Simply put—things are bad. How bad? Well… bad enough for the FBI director to compare the current nationwide surge in ransomware attacks in the U.S. to the September 11th attacks of 2001. You have to admit, that’s a pretty extreme comparison. However, it’s not too far off. As we’ve seen already with the recent Colonial Pipeline attack, ransomware has the potential to bring parts of our country’s infrastructure to a grinding halt and disrupt commerce, similar to the results of a physical terrorist attack.
We’ve had a lot of articles about ransomware on this blog over the years, and for good reason. For roughly a half decade, healthcare organizations have been (and will likely continue to be) irresistible targets for cybergangs looking to carry out ransomware attacks. Case in point, just look at the recent May 1st attack on Scripps Health, which has left their computer network and related applications down for nearly a month (as of the writing of this article, a large portion of their systems were still down).