A recent ransomware attack against a Michigan healthcare billing organization reveals what some consider to be one of the biggest cybersecurity threats for health sciences companies to date: vendor partners who are unable to maintain adequate security for their operations. This data breach potentially exposed the personal, health and financial information for over 600,000 residents, according to the Michigan attorney general. Even six months after the attack occurred, the affected organization still can’t say with certainty whether these records were truly compromised. While remediation began immediately, the company and partners are still reeling under the weight of the negative publicity, notification costs and system upgrades required to return to normal business operations. This massive attack illustrates the need for robust and proactive cybersecurity, particularly for organizations who collect and store personal, financial and health-related information.
Dangers of Ransomware Attacks
The cybercriminals attacked Wolverine Solutions Group, the Detroit-based billing sub-contractor, in September 2018 with ransomware with an attack so heavy that it took nearly a month to fully resolve. After several more weeks of working with an external IT investigative team, Wolverine Solutions Group was finally able to restore critical operations — on November 5, 2018. While the data that was under house arrest by the cybercriminals was encrypted, the organization can’t guarantee that the hackers weren’t able to exfiltrate the information for sale. This uncertainty has led to a lack of confidence in the organization and a loss of trust from the Michigan community affected by the ransomware attack.
Importance of Disaster Preparedness
In this particular instance, Wolverine Solutions Group may not have had an adequate backup and disaster recovery process in place. The malicious actors were able to infect their network with malware that effectively seized control of records stored by the company. The cybercriminals were then able to hold the records in an inaccessible state until Wolverine Solutions Group paid the ransom. While it is unclear whether the ransom was ultimately paid, the organization did state that they have since migrated to a different system that ostensibly has greater safeguards in place for the protection of their critical systems and data. With a robust backup and disaster recovery solution in place, the ransomware attack may have been remediated more rapidly — allowing the organization to return to business as usual.
Suggestions to Protect Your Systems
The team at Wolverine Solutions Group specifically noted that they are also training their staff in taking additional precautions, signaling that the attack may have come through one of their workforce members. Ransomware attacks currently cost businesses more than $75 billion per year, a terrifying statistic when you consider that ransomware attacks are projected to hit an organization every 14 seconds by the end of 2019 with the pace expected to accelerate in 2020 and beyond. Cybersecurity experts recommend that you take the following actions to help reduce the risk of malware.
- Invest in ongoing training for staff members, so they’re able to identify and avoid malware
- Proactively monitor systems and reporting for unexpected traffic and other cues
- Maintain a robust, offsite backup and recovery process for data and applications
- Protect and monitor endpoints
- Utilize advanced protection software, including malware scrubbers for email and protection for your websites
- Apply all patches and updates to software in a timely manner
While it’s unlikely that every attack can be prevented, when you’re actively engaged in protecting your organization any attack will be quickly identified. This allows you to get a jump on remediation and can ultimately result in fewer losses for your business. Organizations in the health sciences space such as pharmaceuticals, dental and medical practices and others are at a particular risk for this type of attack due to the perceived high value of the information that’s being stored in their data structures. When you’re ready to review your cybersecurity preparedness, contact the professionals at Coretelligent at 855-841-5888 or via email to info@coretelligent.com.
