Background
A regional medical center had a segmented network design whereby different departments within the center (Administration, Radiology, Facilities, etc.) were separated from each other within the overall network as part of a relatively secure environment. But no matter how much security is in place, clicking on a malicious link or attachment in a phishing email can bypass that security.
The Attack
An employee in Procurement received an email from a well-known delivery company providing links for tracking the status of pending delivery. The employee clicked on the link which in turn downloaded malware to the employee’s workstation. This malware quickly spread throughout Procurement and leap-frogged throughout the entire medical center’s network. The attacker used an aggressive ransomware strain to encrypt all of the files, enterprise-wide and demanded a high 6-figure ransom payment.
The medical center refused to pay the ransom and it took well over 6 months to replace all of the hardware and restore all of the affected systems. The facility was unable to offer services for 3 weeks, and patient care was curtailed during the next 12 weeks. Initial remediation and notifications cost the medical center well over $200,000. Out of an abundance of caution, the Center decided to replace all of the computers at a total cost in excess of $7 million dollars which also included the restoration of software and files.
Prevention
Training: Despite all the security hardware and software money can buy, people remain the first and last line of defense. Human error is the greatest vulnerability to any organization’s network. In this instance, JANUS was retained to develop and implement employee cybersecurity awareness and guideline training on a regularly recurring schedule.
Bifurcation: JANUS bifurcated the medical center’s network, separating the various categories of sensitive systems and information. Implementing stringent access control, JANUS worked with the medical center to lock down each network segment and to prevent unauthorized access to data. Moving forward, access was established on a need-to-know basis to help eliminate unauthorized access and accidental data spills.
Logs: JANUS ensured that the medical center’s system logging was enabled and reviewed the logging for accuracy. Moving forward, JANUS implemented a protocol called for retaining logs for a minimum of 90 days. Proper logs will allow the medical center to establish where attackers may have been should another successful attack occur.
Closing Thoughts
Cybercriminals and Nation States act with impunity due to low rates of apprehension and prosecution with most attackers located outside of the U.S. This makes it difficult to track and prosecute the attackers, and their profits remain huge. Nation States including Russia, China, North Korea, Iran, and others continue to be tacitly or directly involved in attacks. While there is no way to completely stop attacks if your network is connected to the internet, there are many things you and your organization can do to protect your operations, data, clients, and employees.
CONTACT JANUS ASSOCIATES
Since 1988, JANUS has helped hundreds of government agencies, commercial entities, educational institutions, and not-for-profits protect their infrastructures, data, clients, and employees, and we have the references and testimonials to prove these claims. Our decade-long experience has allowed us to achieve deep expertise in every sector and specialty that exists, including yours.
Contact Chris Kniffin, Corporate Director, to learn more about how a team of affordable professionals can help you secure your organization.
