Ransomware attack paralyzes public health computer systems in Costa Rica

Costa Rica

Share this content

Costa Rica have recently been hit with a number of cyber-attacks that have caused havoc and severely damaged the country’s economy.

Max Vetter, VP of Content at Immersive Labs has detailed the unsurprising nature of the attack, and what more collective workforces must do to prevent successful attacks like this one in the future.

“As ransomware gangs continue to target Costa Rica with a vengeance, it is perhaps to be expected that, following a HIVE ransomware attack, all computer systems on its public health service were taken offline. Attackers gained access to its network in the early hours of Tuesday morning. Employees were allegedly told to shut down their computers and unplug them from the networks amidst the ensuing havoc,” said Vetter.

“This response could hint at the unpreparedness of organizations that have limited plans in place should a cyber-attack hit. Ransomware attacks are what we refer to as ‘wicked problems’ – ones with no clear ‘right answer’. This is the reason that recent research by Immersive Labs highlights that 18% of government organizations resort to paying the ransom in attack simulations,” Vetter continued.

In April 2022, it was reported that an attack had affected the government’s systems, with damages worth around $10m. As a result, the recently elected President of Costa Rica, Rodrigo Chaves, pledged to increase the country’s investment into cybersecurity in order to tackle the growing problem.

“The healthcare sector is particularly vulnerable to ransomware, partly due to the sensitive nature of the data it holds. But in our research, it was the worst performing industry in terms of cyber crisis response by some margin, with a score of just 18%. This needs to change.

“Cybersecurity is no longer an issue for IT teams alone; remaining resilient in such a high-paced threat environment requires the optimization of human cyber knowledge, skills and judgement across the entire organizations when it comes to preparing for, responding to and remediating against cyber threats. When it comes to crisis planning, all departments should be rolled into incident response plans from the start and not left as an afterthought. Had this been the case here, the consequent chaos and shutdown of operations could have been reduced if not prevented entirely,” concluded Vetter.

More on this story

Costa Rica President-elect will look to invest more in cybersecurity

Cyber attackers blamed for crippling $10m attack on Costa Rica government systems

Read more on this story in English from Associated Press HERE

Read more on the President’s statement to Reuters News agency HERE

Return to Security Journal Americas NEWS index

Receive the latest breaking news straight to your inbox