Ransomware Attack Highlights Need for Better Cybersecurity Tools and Methods

A data breach is one of the most invasive and disheartening situations a cybersecurity professional or organization can face, and it is even more so when the breach occurred well before you discovered it. When you discover a breach that has been in your systems for an extended period and then find you don’t have the appropriate tools to investigate it, the breach becomes a crushing weight.

For various reasons, organizations and cybersecurity groups sometimes are at a disadvantage when protecting themselves and their clients from a breach. It can become a problem that destroys a company or team pretty quickly.

While it hasn’t destroyed the organization involved (so far), a ransomware attack against the Professional Finance Company (PFC) of Colorado has undoubtedly shown them their cybersecurity and tools for detection and remediation require some TLC and more significant investment.

What Happened

For background, PFC is a debt collection company that works with (among others) healthcare providers to recover unpaid or late-payment debts owed to the providers. In February of this year, they discovered that they were under attack by a threat actor using ransomware. Because they lacked the tools to investigate the breach and determine how far it had gone and what data was affected, PFC is still dealing with the fallout today.

PFC did not begin informing the affected healthcare providers until May, and their notification to the Department of Health and Human Services Office of Civil Rights didn’t occur until July, almost two months after notification to their clients. 

All in all, over 650 providers and over 1.9 million individuals were affected by the breach.

What could have been done better?

Without a complete understanding of what protective measures were in place, the tools available, staffing, and other essential topics, it is impossible to give a full rendition of what might have been needed, but we can make some educated recommendations. Note we will not be talking about or recommending specific applications or programs.

  1. Start by making sure that you have applications and devices such as antivirus software and intrusion detection/prevention systems (IDS/IPS) in place within your systems and networks:
    • Antivirus and antimalware applications help to protect against such things as ransomware and trojans;
    • IDS and IPS systems watch over the systems inside their perimeters, blocking problem items and detecting when there are attempts to infiltrate your networks.
  2. Use settings on your devices at the perimeter and within to detect anomalous behavior:
    • Create a baseline of good behavior when you first attach or use a system, which will allow you to detect harmful behavior;
    • Use detective systems and algorithms to watch for abnormal behavior and notify when it is seen.
  3. Train your entire staff, from upper management down, to use good cybersecurity practices at ALL times:
    • Email: don’t click on links unless you know they are good;
    • Don’t open messages that are from people you don’t know;
    • Watch for phishing emails;
    • Don’t download or use applications or programs that are not strictly approved by the organization (white-listing and black-listing will help a lot with this).
  4. Make it a point to have your highest management involved and committed to cybersecurity:
    • Including them makes it easier to get the finances and support necessary to maintain and improve your cybersecurity;
    • Staff follow those who lead them, so lead by example;
    • Don’t let management push to maintain the status quo, as it will not benefit your security or your organization.
  5. Detect, protect, investigate, remediate, and learn:
    • Detect the problem as soon as possible;
    • Protect the rest of the organization by segregating and blocking connections to/from the affected systems/data;
    • Investigate the full extent of the problem beginning immediately and document everything discovered;
    • Remediate the problems found and close the gaps/vulnerabilities discovered that allowed the problem in the first place;
    • Learn from the problem resolution process and implement guidelines and protocols/procedures that help to ensure that it doesn’t happen again.

To be sure everyone is on the same page, the above recommendations are some, but not all, of the possible ways to resolve an issue like the one that PFC experienced. One more recommendation is this:

  • Invest in your cybersecurity BEFORE an incident happens!

The investment up front helps to limit the actual effect of an incident when it occurs, if for no other reason than you have accomplished the tasks and upgrades that add protective measures that will eliminate or reduce those effects. Investing after an incident is by far the least effective measure and invariably costs more in the long run. 

How will this Affect You?

While the incident mentioned above may not directly affect you, it offers you the chance to see what could happen in the event of a similar or worse breach at your own organization. Think of it this way: this breach affected over 1.9 million people and over 650 organizations they know of. How many people and organizations would potentially be affected if you had the same type of breach? Would your defenses stand up to the assault? Or would they fail?

What would it cost you to find and fix a breach like this, financially or in terms of your clients and how they view your business? Would it shut you down? Would lawsuits ruin you?

Do you know how a breach would affect you in the first place?

What Should You Do?

Your organization is how you make money and serve your clients, and it is likely something you have invested much time and money into over the years. It behooves you to do everything reasonable and possible to protect that investment, right?

  • Invest in your cybersecurity from the beginning to save money and avoid problems down the road.
  • Learn from problems that arise in your organization, or in similar businesses, to improve security. Watch for what others have experienced or are experiencing and how they dealt with it.
  • Continue investing in learning and development processes to stay ahead of technological predators.

Northstarr Recommendations 

You know your business best, but Northstarr System Solutions knows cybersecurity and IT at a level that you likely do not. Let us use our expertise and experience to help you protect your organization from threats like ransomware and other problems. 

To find out more about how we can help, visit our website or give us a call at (888) 767-2210 to set up an appointment.  We look forward to meeting with you!