The number of cyber attacks across all industries increased by 81% in 2021, signaling a new trend in cybersecurity concerns for 2022 and beyond. To gain insight into just how devastating cyber attacks are, here is an overview of an Oral and Maxillofacial Surgery (OMS) practice that was hit by a crippling ransomware attack that resulted in a tremendous loss of data.
Practice Background:
A four-location OMS practice with approximately 60 computers connected via a VPN (virtual private network).
IT Background:
- Full-time IT staff
- High-end enterprise firewalls at each location
- Running a dedicated OMS software solution with 2D and 3D digital radiography shared across all locations
The Event:
In 2021, the practice noticed that something was wrong with their network when their files suddenly became inaccessible. This was the result of a ransomware attack that took place within a few minutes. The ransomware had spread through their VPN and impacted every computer and server, leaving their systems completely down. The practice lost all their documents and X-rays, and every attempt to restore their files from remote storage failed.
Systems Impacted:
- Practice Management Software
- Imaging - 2D and 3D
- Insurance Claim Processing due to the loss of documents
Initial Forensic Findings:
An initial forensic analysis determined that the hackers first found an open Remote Desktop Protocol (RDP) port. Once they gained access through the RDP port, a weak password enabled them to inject the ransomware into the network, which gave the attackers complete access to it. The hackers demanded an exorbitant amount of money for the key to decrypt the data, which law enforcement advised against paying. A full forensic examination is currently underway.
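The initial-access pattern described above (an exposed RDP service plus a weak password) typically leaves a trail in the Windows Security log: a burst of failed logons (event 4625, logon type 10 = RemoteInteractive) from one source address, followed by a success (event 4624) from the same address. The following is an added detection example, not code from the original article or from the practice's IT staff; the event records are constructed samples in a simplified shape, and the threshold and window are assumed tuning values.

```python
"""Flag RDP logons that follow a burst of failed attempts from the same source."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the shape of Windows Security events:
# 4625 = failed logon, 4624 = successful logon, logon_type 10 = RemoteInteractive (RDP).
# The addresses and names are documentation/test values, not real indicators.
SAMPLE_EVENTS = [
    {"time": "2021-03-04T02:11:05", "id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "admin"},
    {"time": "2021-03-04T02:11:09", "id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "admin"},
    {"time": "2021-03-04T02:11:14", "id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator"},
    {"time": "2021-03-04T02:11:20", "id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator"},
    {"time": "2021-03-04T02:11:27", "id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "office"},
    {"time": "2021-03-04T02:11:33", "id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "office"},
    {"time": "2021-03-04T02:13:02", "id": 4624, "logon_type": 10, "src_ip": "203.0.113.7", "user": "office"},
    # A user who mistyped a password twice and then got in: normal, should not be flagged.
    {"time": "2021-03-04T08:30:00", "id": 4625, "logon_type": 10, "src_ip": "198.51.100.9", "user": "drsmith"},
    {"time": "2021-03-04T08:30:12", "id": 4625, "logon_type": 10, "src_ip": "198.51.100.9", "user": "drsmith"},
    {"time": "2021-03-04T08:30:25", "id": 4624, "logon_type": 10, "src_ip": "198.51.100.9", "user": "drsmith"},
    # Console logon (logon_type 2) is outside the scope of this rule.
    {"time": "2021-03-04T08:45:00", "id": 4624, "logon_type": 2, "src_ip": "-", "user": "frontdesk"},
]


def find_bruteforce_then_success(events, max_failures=5, window=timedelta(minutes=10)):
    """Return one finding per successful RDP logon preceded by >= max_failures
    failed RDP logons from the same source address within `window`."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    failures = defaultdict(list)  # src_ip -> timestamps of failed RDP logons
    findings = []
    for ev in ordered:
        if ev["logon_type"] != 10:  # only remote-interactive (RDP) sessions
            continue
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4625:
            failures[ev["src_ip"]].append(when)
        elif ev["id"] == 4624:
            recent = [t for t in failures[ev["src_ip"]] if when - t <= window]
            if len(recent) >= max_failures:
                findings.append({"src_ip": ev["src_ip"], "user": ev["user"],
                                 "failures_before_success": len(recent),
                                 "success_at": ev["time"]})
    return findings


if __name__ == "__main__":
    for f in find_bruteforce_then_success(SAMPLE_EVENTS):
        print(f"ALERT: {f['failures_before_success']} failed RDP logons from "
              f"{f['src_ip']} then success as {f['user']} at {f['success_at']}")
```

In practice the same logic runs over events exported from the Security log (or a SIEM), and any hit is a reason to check that RDP is not reachable from the internet at all and that the flagged account's credentials are rotated.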
The Breach Remediation Process:
- A major IT initiative was required to bring the system back online
- Data recovery attempt
- FBI and State Police Notification
- A security review and implementation of new policies and procedures
- Contact made with malpractice carrier regarding breach
- Assigned an attorney by the insurance carrier
- Notification to all patients via 1st class mail
- Notification in local newspapers
- Notification on the practice's website
- Identity theft monitoring
- Set up a call center for 90 days for patients to have access to information regarding the breach
- Notification to Health and Human Services and the Office of Civil Rights
- Ongoing security enhancements and system hardening
- Employee cybersecurity training
- Vulnerability Scanning
- Penetration Testing
- PR damage control
The Take-Away:
- Don't assume that just because you have a good IT company or full-time staff, you are secure from a cyber attack. It takes a company that specializes in cybersecurity to thoroughly evaluate and secure your infrastructure. Because self-validation poses a high risk, bringing in a third party to validate your security controls provides risk mitigation and prevention beyond the scope of IT. Even a small mistake in a network configuration can result in a disaster. Third-party validation is standard operating procedure for all businesses.
- Under the HIPAA Security Rule, you must train your staff on cybersecurity threats. Make sure you engage a company that specializes in cybersecurity training.
- Don't take cybersecurity lightly. A breach or ransomware attack can have devastating consequences. The financial and emotional toll on you and your staff is significant, and the time required to recover keeps you from operating your business.
- Don't think it can't happen to you. Hackers are increasingly going after small businesses, as well as healthcare entities, because they know these targets have weak defenses. 2021 was a record-breaking year for cyber attacks, with a 71% increase in healthcare attacks alone. It is very easy to find your information online and target your practice based on public information.
- If you do get hit, you must immediately consult with an attorney. Failure to report the breach can result in significant penalties and, under most circumstances, is a violation of federal and potentially state law.
- Make sure you have a viable backup that has actually been restored and tested to validate its data integrity; a backup that has never been restored is an untested assumption.
Call Black Talon, the cybersecurity specialist, at 800-683-3797 or email today to learn more about securing your most valuable asset.