Ransomware Case Study: Practice Bounces Back From Attack
Cyber security issues are a delicate topic for any business, so we will protect the identity of the client in this ransomware case study. For the sake of privacy, let’s call this client This Practice. This Practice is a specialised medical practice that employs around 30 staff members.
As a specialised practice, our client has a whole floor of sophisticated medical machines and equipment. This high-end equipment depends on reliable IT and stable IT infrastructure.
Overall, we implemented the following solutions for This Practice:
- Next Generation Firewall & Sandboxing: Sandboxing is a security practice where a program is isolated from others in a separate environment, so that any security issues that arise do not spread to other areas.
- Maintenance Plan for Updates: We created a schedule for This Practice to ensure they kept all operating systems and vendor software up to date and patched.
- Application Whitelisting: The first step in the ‘Essential Eight’, which prevents foreign or malicious programs from executing.
- Restrict Admin Privileges: We removed administration privileges from all user accounts to reduce their access to the Internet.
- Application Hardening: Disable and block unnecessary add-ons such as Flash or Java.
- Multi-factor Authentication: On systems which could handle this.
- Network segmentation: We segmented the network between sensitive patient data and the internet. This drastically reduces the chance of ransomware being able to take this data ‘hostage’.
- Backup Overhaul: Both on site and remotely stored backups.
- Monthly support arrangement: We implemented a fixed monthly arrangement in order to provide ongoing support to This Practice following this incident.
- Modern Email Platform: A new email platform was set up which has greater security controls.
Consequently, the doctors and staff at This Practice have restored confidence in their network. They no longer fear their sensitive patient information being held to ransom by malicious attackers.