Ransomware Case Study – Practice Bounces Back From Attack
Cyber security issues are a delicate topic for any business, so we will protect the identity of the client in this ransomware case study. For the sake of privacy, let's call this client This Practice. The client is a specialised medical practice that employs around 30 staff members. As a specialised practice, it has a whole floor of sophisticated medical machines and equipment, and this high-end equipment depends on reliable, stable IT infrastructure.
This Practice came to us with a real issue. They had suffered multiple ransomware attacks on their system and, as a result, business was suffering. Each week they were haemorrhaging time and money trying to work out how to handle these attacks and to restore their data each time. In the end, they had a third-party organisation perform an audit of their environment. The auditor then referred them to Stanfield IT to address these recurring cyber security issues.
Stanfield IT faced a few concerns with this client. They were suffering so many ransomware attacks because their cyber security controls were insufficient. These malicious attacks were damaging their reputation and interfering with business, so it was essential to get on top of the situation as soon as possible. Stanfield IT made it a priority to evaluate and implement serious cyber security solutions. The doctors and staff at This Practice felt unable to trust the integrity of their system, and we wanted them to feel secure again.
After evaluating the cyber security situation at This Practice, Stanfield IT determined that we needed to get some security essentials in place. First of all, we worked to implement the ‘essential eight’ as advised by the ASD. The Australian Cyber Security Centre recommends these strategies as a bare minimum approach for cyber security. Overall, we implemented the following solutions for This Practice:
- Next Generation Firewall & Sandboxing: Sandboxing is a security practice where you isolate a program from the others, in a separate environment so that any security issues that arise will not spread to other areas.
- Maintenance Plan for Updates: We created a schedule for This Practice to ensure they kept all operating systems and vendor software up to date and patched.
- Application Whitelisting: The first of the ‘essential eight’, this prevents unapproved or malicious programs from executing.
- Restrict Admin Privileges: We removed administrative privileges from all user accounts to reduce their access to the Internet.
- Application Hardening: We disabled and blocked unnecessary add-ons such as Flash and Java.
- Multi-factor Authentication: Enabled on every system that could support it.
- Network segmentation: We segmented the network between sensitive patient data and the internet. This drastically reduces the chance of ransomware being able to take this data ‘hostage’.
- Backup Overhaul: Both on site and remotely stored backups.
- Monthly support arrangement: We implemented a fixed monthly arrangement in order to provide ongoing support to This Practice following this incident.
- Modern Email Platform: A new email platform was set up with stronger security controls.
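As an added illustration of two of the controls above (application whitelisting and restricting administrative privileges), the following PowerShell is example code written for this page; it is not Stanfield IT's configuration and was not deployed at This Practice. It assumes a Windows host managed locally with the built-in AppLocker and LocalAccounts modules; the policy path, the approved-administrator list and the sample directory are placeholders.

```powershell
# Added example, not the practice's own configuration.
# Assumes a Windows 10/11 or Windows Server host; run in an elevated session.
# $policyPath and $approvedAdmins are placeholders to adjust per site.

# --- Application whitelisting with AppLocker ---------------------------------
# Build allow rules from software already installed in the trusted program
# directories. Publisher rules are preferred (they survive vendor updates);
# unsigned binaries fall back to file-hash rules.
$trustedDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
}

$policyPath = 'C:\Policies\AppLocker-Allow.xml'   # placeholder location
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
$fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyPath -Encoding utf8

# Dry run before enforcing: executables sitting in a user-writable location
# (where a ransomware dropper would land) are not covered by any allow rule
# and should therefore be reported as Denied.
$sample = Get-ChildItem -Path "$env:LOCALAPPDATA\Temp" -Filter *.exe -ErrorAction SilentlyContinue
if ($sample) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $sample.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# Apply the policy (-Merge keeps rules that are already deployed) and make
# sure the Application Identity service, which AppLocker depends on, runs.
# sc.exe is used because Set-Service cannot change this service's start type
# on recent Windows builds.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# --- Restrict administrative privileges -------------------------------------
# List every member of the local Administrators group that is not on the
# approved list and remove them. Names are compared in DOMAIN\name form,
# which is how Get-LocalGroupMember reports them.
$approvedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account, placeholder
    'PRACTICE\IT-Admins'                 # placeholder domain group
)
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $approvedAdmins -notcontains $_.Name } |
    ForEach-Object {
        Write-Output "Removing $($_.Name) from local Administrators"
        # Drop -WhatIf once the report above has been reviewed.
        Remove-LocalGroupMember -Group 'Administrators' -Member $_.Name -WhatIf
    }
```

The AppLocker policy is generated from what is already installed, so it should be reviewed (and the `Test-AppLockerPolicy` output checked against a few known-good and known-bad paths) before `-WhatIf` is removed and the rules are enforced, otherwise a legitimate but unsigned clinical application could be blocked along with the malware.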
As a result of all this work, This Practice has had no further breaches of their system. Each measure we put in place for the client serves one of two purposes: either to minimise the risk of exposure or attack, or to block and contain any attack that is attempted. Restricting administrative privileges, multi-factor authentication and frequent updates all reduce the chance of a successful attack. Sandboxing, firewalls and backups work together to block and contain any attack that makes it through those measures. Consequently, the doctors and staff at This Practice have restored confidence in their network. They no longer fear their sensitive patient information being held to ransom by malicious attackers.