California Healthcare Organization Shut Down by Ransomware

Here we go again!  We've been talking about how cyberthreats are at an all-time high, and recent news about Partnership HealthPlan of California being hit with ransomware is yet another reminder that the risk is real and that the damage malicious attackers can do is immense.  These attacks have been increasing for years, with approximately 850,000 attacks in 2021 and losses exceeding $4.2 billion last year alone.  This attack is sure to have cost the business millions of dollars, with the average fine alone reaching $1.5 million.  That doesn't include the cost to business operations, as they were forced to move away from their digital services and could provide only limited care to patients.  And we certainly can't forget the brand damage that will follow.

And the worst part?  It likely was entirely preventable.  Reportedly the organization was investigating "technical issues" as early as March 24th, and stolen records were appearing leaked online by the 29th, with the hackers saying they had stolen the data on the 19th of March.  Attacks such as these don't just "happen overnight"!  Indicators of these threats appear weeks if not months prior, as cyberattackers look around inside an organization (we call this the recon phase) to determine the best avenue of attack.  Once they have identified vulnerabilities and gained the access they need to systems and to any valuable data, they move on to implementing an array of methods to guarantee the attack is successful.  The window to catch these attackers can be extremely just have to be looking, and most IT organizations aren't!  Is yours?

London Security has caught attackers mid-attack before

One of the reasons London Security believes attacks like this are preventable is that we have prevented them.  We have caught attacks during early stages with customers where we analyze their security environments utilizing our Ransomware Risk Assessment.  We've seen attacks in various stages of progress, from the attackers' attempts to deploy their agents all the way up to them getting ready to begin encrypting systems.  And we have successfully stopped them.  That is the strength of working with a security company that utilizes a 24/7/365 solution which provides actionable responses.  Our SOC analysts can step in and stop an attack before it begins.

Most of the problems organizations face catching these sorts of attacks come from a combination of resources, staffing, and cybersecurity planning.  Post-Covid IT teams are overworked as they handle work-from-home situations and a growing trend of users being allowed to work from a number of devices which previously may not have been allowed for security reasons.  Working from phones, on unprotected networks, or even on personal home computers has made many security processes that relied on the strength of corporate perimeter security (firewall, virtualized environments, and strong data privilege control) extremely ineffective.

How can you secure environments where everyone is an administrator?

It is irresponsible to "expect" to be hacked when you can prevent it

Do you NOT teach your kids how to drive, because you expect them to crash?  Would you ignore stop lights?  Do you leave your house unlocked because your neighbor got robbed and it's only a matter of time before they hit yours?  Of course not!  These are ridiculous comparisons for a reason - because it is NOT inevitable to be hacked.  While it is inevitable to be attacked, there is a lot you can do to prevent security breaches from happening, or to stop them in their tracks.  It is critically important to have plans in place for handling security events, so you know how to act to prevent your organization from being breached when you see indicators of compromise.

The value of a strong security process and an actionable 24/7/365 security response is that you can make sure that when indicators of compromise show up, they are acted on.  The worst part of many security breaches is when you go back through logs and find out you could have stopped this if you had acted sooner.  Attackers work toward creating that "perfect storm" in your environment before they launch their finalized attack, and catching it and disrupting that action can be the difference between spending millions on a breach or not.

