What should you do if your firm is hit by ransomware? Choose your own ending to this tale about a clinic, a criminal, and coronavirus to learn the risks and rewards of each choice.

California’s Hollywood Hospital has been hacked. Its medical files are now encrypted. Hackers have demanded a $100,000 ransom, paid in cryptocurrency, to unencrypt the data. Otherwise, the hackers threaten to start posting online some of the medical information they just stole.

This type of ransomware attack is called a crypto attack. In another kind, a lock attack, hackers simply lock an organization out of one of their online platforms or systems.

It is sorely tempting to pay the ransom, which now averages $111,605 per attack, according to statistics compiled by cyber-security firm Coveware. The cost to recover the records, restore business continuity, and avoid reputational damage to the hospital may be worth several times the ransom. If the medical secrets of the hospital’s rich and famous clientele are leaked to the world, the institution could incur massive legal liability.

But paying the ransom involves trusting criminals who could be working for hostile governments. There’s no guarantee they’ll make good on their promises, even if the ransom is paid.

Meanwhile, in the executive suite, another factor is at play. The CEO is very concerned about one tiny piece of personal medical information now in the hands of the hackers: his positive test for coronavirus and the fact that he’s been seen in public without a mask at public events.

If that information is disclosed, the CEO fears the fallout will make him an anchor on his company and he will be shunned both professionally and personally. He is pushing for the hospital to pay the ransom.

In this example, you are the hospital’s chief ethics and compliance officer. You have been asked by a divided board of directors for advice on how to proceed. It should be said there are no great options, but four courses of action that present different levels of risk. 

What are the risks involved in each choice? Which path would you take? Select from the choices below. Choose wisely … and if you want, reload the page when you’re done and choose a different answer to see the results of each action.