RealTime Information Technology

HEALTHCARE PROVIDER hacked after employee downloaded a malicious file

If you needed a good object lesson to continue promoting regular security awareness training within your organization, here it is:

Ascension hacked after employee downloaded a malicious file.

The employee thought it was something legit, downloaded it, and opened it. This gave the attackers access to a portion of Ascension's network and subsequently allowed access to a few of their servers, prompting them to enact their incident response plans and take some systems offline on May 8th, 2024 to contain the cyber security event – their words.

QUICK DETECTION IS KEY

To their credit, Ascension appears to have quickly identified the issue, indicating an effective managed security service capable of detecting unusual behavior. This aspect forms a crucial part of a comprehensive approach to mitigating cybersecurity threats for the organization. Initial findings suggest that the intruders accessed files from a limited set of file servers. An Ascension representative's statement mentioned ongoing investigations revealing that some of the compromised files likely include Protected Health Information (PHI) and Personally Identifiable Information (PII) belonging to specific individuals, with variations in the data types exposed. 

This incident shows how different cybersecurity layers work together to mitigate the impact of cyber attacks. It is evident that Ascension prioritizes training its employees in security awareness, a fundamental practice in minimizing cyber threats. Despite these efforts, human error remains a possibility, so additional proactive measures are needed to further strengthen cybersecurity defenses.

Other notable points:

  • Systems were set up to detect and investigate unusual activity. Nowadays, attackers use built-in system tools to go unnoticed for a while. Many current EDR and MDR systems can spot unusual user behavior to some extent.

  • Data logging can show whether information was viewed and taken from their systems. It gives you a clearer picture of the situation, which is something many small businesses lack.

  • They have an emergency plan that tells them what to do. It's better to have a simple plan than to improvise in the moment. It helps to know what to do, who to call, and what to avoid.

  • They did a fairly good job with the message they conveyed to customers. On the internal front, though, there appears to have been some confusion and disarray.

Their systems were mostly down for about two weeks, perhaps because of investigations and making sure the hackers were gone. A good Business Continuity Plan includes instructions for backup methods when computer systems are down, so you can keep running your business with some limitations, depending on what you need.

Ascension statement: https://about.ascension.org/en/cybersecurity-event