THE WALL STREET JOURNAL. Monday, October 7, 2019 |B5
in an email.
A Wisconsin dentist who
asked not to be named said
she has been “overwhelmed
dealing with the incident
[and] there are more repercus-Adding Up
Average cost of a data breach per customer record, including
customer notification, credit monitoring, fines, legal fees and
other itemsSource: IBM; Ponemon InstituteNote: Study of 507 companies with recent data breaches; excludes mega-breaches such as
Equifax's in 2017$0 100 200 300 400Health careFinancial servicesEnergyEducationEntertainmentTransportationHospitalityRetailWeCo., as the WeWork
parent is officially known,
abruptly postponed its IPO
last month after prospective
investors revolted against the
office-sharing company’s gov-
ernance and big losses. The
New York company and its un-
derwriters had already lopped
off some $30 billion from its
expected valuation in anticipa-
tion of weak demand. Two
other companies with sizable
losses—entertainment firm
Endeavor Group Holdings
Inc. and biotechnology con-
cernADC TherapeuticsSA—
also postponed listings within
the past two weeks.
Companies that had raised
record amounts of money in
private began lining up to go
public, eager to tap what
seemed like insatiable demand
from stock-market investors.
But the weak performance of
many of these companies in
the public market is making it
clear that private investors of-
ten were too optimistic.
This year’s crop of IPOs is
expected to be the least profit-
able since the technology
boom, according to another
Goldman research note, and
investors have taken notice.
In March, Lyft was valued
in its IPO at $24 billion, far
above its previous valuation in
the private markets of $15 bil-
lion. Since then, its stock has
fallen 46% as investors grew
increasingly worried about the
company’s steep losses.
Uber followed a similar tra-
jectory. It had been valued at
roughly $68 billion in the pri-vate markets and went public
in May at a price that gave the
company a fully diluted valua-
tion of some $80 billion. Since
then, its stock has dropped
34%, putting the company’s
market capitalization far be-
low where it was last valued
privately. Uber incurred a $5.2
billion loss in its latest quar-
ter, hurt by billions in costs
related to its IPO.
Slack Technologies Inc.,
which is also unprofitable,
made its debut in June
through an unusual method
called a direct listing. As such,
the company didn’t raise capi-
tal and simply used $26 as a
reference price for when its
shares started trading on the
New York Stock Exchange. De-
spite surging initially, Slack
shares now trade 4% below
that reference price.
“Some companies became
convinced that the public mar-
ket would welcome them with
high cash burn and long run-
ways to profitability,” said
Paul Hudson, chief investment
officer of Glade Brook Capital
Partners LLC, a pre-IPO inves-
torinUber,LyftandWe.“The
reality is the public market re-
wards profitable companies
that generate cash flows in ad-
dition to growth.”
Indeed, Pinterest, the
nearly profitable platform for
online image searches, is up
44% from its April IPO price.
DatadogInc., a cloud-based
software-management plat-
form with limited losses that
made its debut in September,
is up nearly 30% since then.ternatives such as cheaper di-
rect listings.
“I don’t see a lot of deals
that are likely to go out the
rest of this year,” said Rick
Kline, the co-chair of law firm
Goodwin Procter LLP’s capital-
markets practice. “The market
sentiment has changed.”
Bankers and lawyers now
say it is unlikely that 2019 will
be the record year that many
had envisioned. So far this
year, 158 companies have
raised $53.1 billion on U.S. ex-
changes, according to Dea-
logic, the fourth-busiest year
on record behind 1999, 2000
and 2014. Should activity ta-
per off as expected, 2019 could
fall behind other years too.
After a hiccup caused by
the government shutdown,
2019 got off to a fast start
with the well-received debuts
ofPinterestInc. andZoom
Video CommunicationsInc.
Even after ride-hailing apps
Uber andLyftInc. stumbled in
their debuts, the new-issue
market stayed strong. But a
failed flirtation with public
ownership on the part of We-
Work, together with other
soured listing plans, appears
to have changed that.Continued from page B1IPOs Stall
As Misfires
TakeaToll
their data but patient informa-
tion is believed to be uncom-
promised, Brenna Sadler, di-
rector of membership and
communications for the Wis-
consin Dental Association, saidSMALL BUSINESS
medical and billing informa-
tion, said Jennifer Barr, a
health-care analyst at Moody’s
Corp. The data can be sold for
insurance-fraud purposes or it
can be locked up and used to
extort money from the af-
fected health organization, she
said.
Smaller health-care organi-
zations are at greater risk be-
cause they generally don’t
have the resources for robust
security tools and might not
have a dedicated cybersecurity
specialist to monitor and
patch their systems, Ms. Barr
said.
Last year, about 57% of
medical practices in the U.S.
had 10 or fewer physicians and
about 15% were run by solo
practitioners, according to the
American Medical Association.
Three Alabama hospitals
have been operating under
emergency procedures since a
cyberattack on Oct. 1, spokes-
man Bradley Fisher said Fri-
day. The hospitals—DCH Re-
gional, Northport and Fayette
—are part of the same system
and share IT resources.
“Everybody is familiar with
[the emergency procedures]
but you obviously don’t want
to do it for days,” Mr. Fisher
said. There is no forecast for
when the hospitals will be
functioning normally, he said.
Like at the Wyoming health
system, email is down and
doctors are keeping written
notes after patient visits. IT
staff is working around the
clock on eight-hour rotations,
Mr. Fisher said, and about 60
nurse managers, department
directors and other top admin-
istrators gather with the chief
operating officer four times a
day to go over technology and
operational updates.
The hospital system is en-
couraging nonemergency pa-
tients to seek assistance from
other providers.
In August, the American
Dental Association said that
hundreds of dental practices
were affected by a ransom-
ware attack that month
against two dental-focused
technology providers. The in-
cident locked dentists out ofsions than one might assume.”
She declined to give details.
After a ransomware attack,
companies typically conduct
digital forensic investigations
to make sure systems and data
are no longer vulnerable.
Some equipment might have
to be replaced and if backup
data is outdated or encrypted,
rebuilding files can be expen-
sive and lengthy.
Some small health-care or-
ganizations don’t have the
money to bounce back from a
cyberattack, said Linn Freed-
man, head of the privacy and
cybersecurity practice at law
firm Robinson & Cole LLP.
A ransomware incident in
August is forcing Wood Ranch
Medical in Simi Valley, Calif.,
to close its doors Dec. 17, ac-
cording to a note posted on its
website.
“Unfortunately, the damage
to our computer system was
such that we are unable to re-
cover the data stored there
and, with our backup systemencrypted as well, we cannot
rebuild our medical records,”
the note reads. “As much as I
have enjoyed providing medi-
cal care to you, I will not be
able to attend to you profes-
sionally after that date.”
The statement is unsigned;
the practice is run by Shayla
Kasel, a family medicine doc-
tor, who didn’t respond to re-
quests for comment.
Brookside ENT and Hearing
Center in Battle Creek, Mich.,
permanently closed its doors
in April after a ransomware
attack, according to a recep-
tionist reached by phone
shortly after the incident. All
of the company’s electronic
data was made inaccessible af-
ter it decided not to pay a ran-
som, and the practice stayed
open for a short time to refer
patients to other health pro-
viders, she said.
A voice-mail response for
one Brookside doctor says he
is retired and no longer seeing
patients.Andy Fitzgerald, chief exec-
utive of a community health
system in Wyoming, was visit-
ing his son in Georgia last
month when he received a dis-
tressing text message from his
chief operating officer: Their
company had been hit by a cy-
berattack.
Hackers had locked up sen-
sitive patient information and
medical devices at Campbell
County Health and demanded
a ransom.
“My initial thought was,
‘Oh, crap,’” said Mr. Fitzgerald,
who declined to say whether
he paid the demand.
In the days after the attack,
the health system, which oper-
ates a 90-bed community hos-
pital and other facilities, wasforced to cancel services in-
cluding radiology, endocrinol-
ogy and respiratory therapy.
The organization transferred
patients to hospitals as far
away as South Dakota and
Denver. Cash registers, email
and fax were unavailable.
Doctors had to resort to
pen and paper to document
medical conditions, and with
prescription records inaccessi-
ble, patients were asked to
bring medication bottles to
visits.
Employees have worked
around the clock in the past
few weeks to restore services,
which are mostly back to nor-
mal, he said.
Cyberattacks like this are
pummeling doctors, dentists
and community hospitals
around the country, causing
some to turn away patients
and others to close their doors
permanently.
Health organizations are an
attractive target for cyber-
crime thanks to their valuableBYADAMJANOFSKYHackers Hit Health Providers for Ransom
Campbell County Health, which operates a hospital in Wyoming, was recently targeted in a cyberattack and forced to cancel services.CAMPBELL COUNTY HEALTHHealth system
CEO Andy
Fitzgerald
declined to say
whether he
paid a ransom
demand.Slack made its debut at the NYSE in June. The company’s shares have dropped after an initial surge.RICHARD B. LEVINE/ZUMA PRESS
There’sareason
businesseschoose
MutualofAmerica.
People.
Retirementplansforemployersthatbelievepeople
andrelationshipsmatter.Getdedicatedservice
andone-on-onesupportforyouandyourteam.
Call1-866-954-4321.
Mutualof America®andMutualof AmericaYourRetirementCompany®areregistered
servicemarksof Mutualof AmericaLifeInsuranceCompany,aregisteredBroker/Dealer.
320ParkAvenue,NewYork,NY10022-6839.