Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on krebsonsecurity.com. In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.
Bank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.
In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.
This scenario has been replicated many times over the past five years, says the krebsonsecurity.com article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.
Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.
Businesses and consumers should:
- Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
- Stage phishing attacks to see how well everyone learned their security training
- Retrain those who fell for the staged attacks
- Make it a rule that more than one person is required to sign off on large transfers
- Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.