Another Hospital Breach…not a Surprise Unfortunately

A few questions:

  1. How exactly did the third party get compromised? What network segmentation was or was not in place?
  2. How much is the breach going to cost Sentara?
  3. Did Sentara conduct any cyber security due diligence with the third-party vendor? Vulnerability assessments? Monitoring?
  4. How was the breach detected? Did Sentara detect it?  Or were they notified from elsewhere? What worked? What didn’t work?

It’s critically important to work closely with HIPAA/HITECH business associates on a technical cyber security level since the hackers will take advantage of the weakest link in the connected IT systems.

Heck…with any business associate…Target was compromised through an HVAC vendor. If the company networks are connected, they need to be under continuous monitoring and tested for vulnerabilities at least annually.

What to Do When Your Business is HACKED!

“We’ve been hacked! What did we lose? We don’t know yet. When did it start?  We don’t know that yet either.  What do we do next?  Who do we contact FIRST?”

  A. FBI
  B. Attorney
  C. IT Provider
  D. Cloud Provider
  E. Clients or Customers

Making this decision in the heat of a crisis is not ideal.  To minimize business impact and cost, do you know exactly what to do when your business gets hacked?

The right answer? B. Attorney. Getting legal help immediately is the correct answer in most situations. One big reason is attorney-client privilege: you and your attorney control information release and can shape the messaging. Another is that breach notification requirements vary based on location. Careful compliance assessment and prompt action can avoid significant penalties.

Obviously, your IT staff will also assess the situation in parallel.  Some businesses choose to recover as quickly as possible—an approach that can leave your operations vulnerable to the same attack. Professional cyber security support may be required to determine root cause and identify mitigations to prevent future attacks.

To prepare effectively, get help. Do you have an Incident Response Plan?  If not, LP3 can help. Contact LP3 for a comprehensive vulnerability and business risk assessment.


How Much Will Idle Staff Members Cost Your Business Per Day?

10 Tips on avoiding Ransomware

We are going to be covering each aspect of ransomware attacks, from prevention to recovery, over the next few posts. Today, we are focusing on how to AVOID the attacks in the first place. None of this is foolproof, but it is at least a big step in the right direction.

If you have questions on how to protect your organization from business disrupting cyber attacks, contact