
Major Healthcare Provider Survives Ransomware Attack

Who is Unique Wire? Unique Wire is a leading provider of digital forensics and analytics, specializing in the lawful access and extraction of data from any digital device. Unique Wire has experience in government intelligence, military, and law enforcement, Fortune 500 corporations, and the legal sector with considerable expertise across a wide range of capabilities such as digital intelligence, data analytics, software programming, network and computer security, evidence collection, and cyber security.

What’s the story? Following a ransomware attack, discover how Unique Wire safely restored a major healthcare provider’s compromised network with the help of OPSWAT’s MetaDefender Managed File Transfer—all without interrupting business operations.

INDUSTRY: Digital Intelligence & Cyber Security

LOCATION: McMinnville, OR

SIZE: 50 employees providing worldwide services

PRODUCTS USED: MetaDefender Managed File Transfer

When everything on their servers was compromised, Unique Wire used OPSWAT’s MetaDefender Managed File Transfer solution to restore this customer’s data while keeping their business operational.

Cyberattacks: The Biggest Threat to Businesses in Decades

In a recent report, Cybersecurity Ventures says it expects global cybercrime costs to “grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.”

The Cybersecurity & Infrastructure Security Agency (CISA) in the US provides a global definition of critical infrastructure as the “16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

Healthcare and the Public Health Sector is an excellent example of how a global threat at the national level impacts companies that support specific sectors identified by CISA. Globally, governments must protect the healthcare sector. At the enterprise level, companies working to support healthcare and the public health sector need to protect their own internal infrastructure, which we might define as any devices, files, or servers used in the normal course of business.

Enterprises are doing everything they can to protect their critical infrastructure, but as careful as they might be, it only takes one misstep to cause a massive data breach. That’s when companies like Unique Wire are called upon to recover data and deal with cyberattacks that may have contaminated an enterprise’s entire system.

Early on in their history, Unique Wire provided digital forensic services primarily for law enforcement. Over time, however, the boutique digital forensics firm has expanded and now offers resources worldwide to cover the full spectrum of requests relating to data breaches, IP theft, human and drug trafficking complaints, ransomware attacks, and even murder. Although Unique Wire continues to support law enforcement agencies, clients now include large international law firms and corporations that have learned about protecting their internal infrastructure the hard way after suffering cyberattacks.

As Brian Feucht, President of Unique Wire, said in a recent interview, “One virus, one piece of malicious software inside of a network can compromise everything.” And many times, these viruses come from uploading customers’ tainted files.


You have to control what goes onto your network, period. Whether it’s through your firewall, through your email, through USB, through a CD-ROM, if it could touch your network, you need to know exactly what those files are before they touch your world. If you’re going to install software, you need to know the vendor. Your network is your castle, and anything that’s inside your castle that you say is safe, you better be darned sure it’s safe….It’s all about protecting your network.

Brian Feucht

President of Unique Wire


A Flawless Deployment

In a recent case, a large healthcare provider turned to Unique Wire for their services when they were taken down by a colossal cyberattack. Unique Wire recommended that the healthcare provider deploy OPSWAT’s MetaDefender Managed File Transfer solution to get back up and running as quickly and safely as possible.

Unique Wire supervised the smooth and flawless deployment of MetaDefender Managed File Transfer and used the solution to scrub all the files before they were migrated back onto a secure, clean server. “We brought it [MetaDefender Managed File Transfer] in…and they did the deployment inside. But I can tell you that it was the only deployment that I’ve never heard complaints about.”

When asked by Feucht how the deployment went, the healthcare provider’s IT team said, “We put it in [and] it was really easy. They [OPSWAT] were helpful. We didn’t have to worry about anything.”

MetaDefender Managed File Transfer is part of OPSWAT’s MetaDefender Advanced Threat Prevention Platform.

This platform protects organizations from cybersecurity threats in data that originates from a variety of sources, such as web, email, portable media devices, and endpoints. MetaDefender Managed File Transfer is a fully secure, integrated solution that utilizes multiple anti-malware engines to provide the highest detection rates of known threats and deliver extremely fast malware outbreak prevention.

MetaDefender’s Deep Content Disarm and Reconstruction (Deep CDR) assumes all files could be infected and rebuilds their content using a secure and efficient process. It supports more than 100 file types, and outputs safe and usable files. Deep CDR is extremely effective in preventing targeted attacks, ransomware, and other types of known and unknown malware threats.

This specific case underscores how important it is for enterprises to protect their internal infrastructure. Here’s what happened.

Diary of a Cyberattack

“A large healthcare organization was hit with a ransomware attack that encrypted their servers,” Feucht began. “Proliferation was found down to some of the internal end clients. There was a large data exfil that happened…. This was an unknown vulnerability, an unknown exploit, and no one knew what was possible with this exploit. So it was a scenario where everything they had was compromised, from payroll to employee records.

“When we went in, we identified how it happened, relayed that to the cybersecurity side, and then we dealt with…more of the immediate action of ‘Who did it?’ ‘What was their MO?’ and what steps needed to be taken [to meet] federal and state regulatory compliance.

“The critical part was you just couldn’t trust any files. There was nothing on the old computers, even if they didn’t show up as infected, that we could trust, because at that stage the network’s already been penetrated. And that’s really what it came down to, is there was zero trust in what could be done at that stage. And the MetaDefender Managed File Transfer solved that. It isolated it [the data], it filtered it, [and] it controlled the access. It was everything we needed in order to mitigate the risk, moving from a dirty system to a clean system.”

The Deployment Phase

Trying to keep the healthcare provider’s system up and running while repairing the damage to their critical infrastructure was no easy task. The Unique Wire team had to devise a way to take contaminated files offline, clean them, then store them securely on a clean network without disrupting daily operations. To manage this, Feucht and his team set up two separate networks. “One was the dirty network and one was the clean network,” Feucht explained. “We slowly started migrating the files from one side of the world to the other side of the world. And [at] that middle point [is where we used] OPSWAT’s MetaDefender Managed File Transfer.”

The moment files enter MetaDefender Managed File Transfer, they are scanned for malware and vulnerabilities by more than 30 of the cyber industry’s best malware and heuristics engines. Files are then re-scanned and evaluated continuously as virus definitions are updated in order to avoid targeted and advanced attacks.

Suspicious files are sanitized. Rules can be created to block access to files for a pre-set containment period to enable vendor analysis and engine updates for new malware outbreaks.

Workflow job function and approval sequences confirm who must authorize inbound and outbound files and who can access them for total security.
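The intake rules described above (multi-engine scan, re-scan as definitions update, a containment hold, and approval before release) can be modeled as a release gate between the dirty and clean networks. This is an added illustration, not OPSWAT's product code or API; the 24-hour hold, the field names and the sample queue are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

CONTAINMENT = timedelta(hours=24)  # assumed hold period; the page gives no figure

@dataclass
class Scan:
    at: datetime
    defs_version: int   # constructed counter for the engines' definition set
    detections: int     # number of engines that flagged the file

@dataclass
class StagedFile:
    name: str
    received: datetime
    scans: List[Scan] = field(default_factory=list)
    sanitized: bool = False
    approved_by: Optional[str] = None

def release_decision(f: StagedFile, now: datetime):
    """Decide whether f may cross from the dirty side to the clean side."""
    if not f.scans:
        return "hold", "not scanned"
    if any(s.detections for s in f.scans) and not f.sanitized:
        return "block", "flagged and not sanitized"
    if now - f.received < CONTAINMENT:
        return "hold", "containment period still running"
    if f.scans[-1].defs_version <= f.scans[0].defs_version:
        return "hold", "no re-scan with newer definitions"
    if f.approved_by is None:
        return "hold", "awaiting approval"
    return "release", "clean on re-scan, held, approved"

# Constructed sample queue (not data from the incident described on this page).
T0 = datetime(2024, 1, 1, 9, 0)
NOW = T0 + timedelta(hours=30)
QUEUE = [
    StagedFile("payroll.xlsx", T0, [Scan(T0, 100, 0), Scan(NOW, 104, 0)], approved_by="it-lead"),
    StagedFile("records.pdf", T0, [Scan(T0, 100, 0), Scan(NOW, 104, 2)]),
    StagedFile("intake.docx", T0, [Scan(T0, 100, 1), Scan(NOW, 104, 0)], sanitized=True),
    StagedFile("notes.txt", NOW - timedelta(hours=2), [Scan(NOW, 104, 0)]),
    StagedFile("old.zip", T0, [Scan(T0, 100, 0)], approved_by="it-lead"),
]

def triage(queue=QUEUE, now=NOW):
    return {f.name: release_decision(f, now) for f in queue}

if __name__ == "__main__":
    for name, (verdict, reason) in triage().items():
        print(f"{name:14} {verdict:8} {reason}")
```

The `records.pdf` entry is the case the re-scan step exists for: clean at intake, flagged once newer definitions arrive, and therefore blocked rather than migrated.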

OPSWAT has become the solution provider that Unique Wire recommends for many of its customers. “We probably bring it in to all the clients once or twice a month,” Feucht said. “We tell them, ‘This is what we’ve seen work, and we never hear a complaint about it.’”

Keeping Infrastructure Secure

Whether you’re a government agency or a private enterprise, anytime you bring data in from the outside and add that to your internal database, you are opening the door to a cyberattack. A single firewall is not enough. Public-sector agencies and private enterprises need critical infrastructure protection (CIP) to guard against both external and internal security threats at the point at which data is ingested.

“It comes down to [creating] layers of security,” Feucht continued. “In the forensics space, you bypass your own firewall when you do an extraction and then plug that data from that hard drive into your network. You could bypass so many layers of security that you’re just exposing yourself to a risk. But by having multiple layers, or layers that are equally as publicized as your firewalls, and putting those internally on your workstations or dedicated data intake points, you add that internal firewall for these large data collections that we have to [deal with].”

OPSWAT is dedicated to protecting the world’s critical infrastructure. It is one of the few companies that provides this level of security to protect critical infrastructure with technology that ensures files and devices are malware-free before data is transferred onto existing systems.

With the proliferation of cyberattacks, cybersecurity professionals must have the right tools and training to keep their critical infrastructure safe. To help prioritize workloads and prevent backlogs, current and prospective workers must be efficient in the responsibilities and technical proficiencies most applicable to protecting critical infrastructure environments.

OPSWAT technology provides this protection by:

  • Creating and maintaining secure data exchange processes between segregated networks.
  • Ensuring proper device posture checks to determine which devices can access which organization assets and segregated networks.
  • Disarming content that has potential for carrying malware from a variety of sources and file formats.

Best Practices

In dealing with clients all over the world that have been breached, Feucht has some suggestions that can save companies a lot of headaches:

Bolster Your Defenses

“You need to increase your internal defensive posture. It’s the number one thing we see. Attacks aren’t being executed without someone on the inside doing something. And in the case of the e-discovery and forensics world, you’re bypassing all of your security in a lot of cases, but just dumping this onto your system, so increasing your internal defensive posture against malware is requisite….

“If someone gets phished that’s a client of yours, a malicious package is downloaded to their computer, you conduct an extraction, and you start digging into what files are there. What happens? You’re bringing that contaminated thing into your network. And frankly, you’re bringing it in with no knowledge of what exploitations or viruses are on that thing, because you’re bringing it in blindly: ‘I’ve got to analyze this.’ And there needs to be an internal firewall to manage that.

Get Your Staff Trained

“Knowledge and best practices is an ever-evolving game, especially in this space. Training is absolutely requisite. In your police departments you’ve got evidence techs, but those evidence techs don’t touch the digital side. It’s really pushed to the actual forensics lab to keep track of their extractions. And it’s bigger than physical evidence tracking, because you could walk into a room and touch evidence, yet you can’t necessarily see who’s walking into a room and touching your digital stuff.”

The OPSWAT Academy addresses the CIP cybersecurity skills shortage through courses that promote the best practices and practical approaches successfully implemented in the most secure critical infrastructure environments.

Don’t Hide Breaches

“I think they [companies] need to reach out immediately to the authorities that they’re required to report to. It might be bad for your stock, but the [potential for] lawsuits and the criminal charges is worse. We kind of have a feeling now that every organization is going to be breached at some time, in some manner. When you start seeing data exfil-ed, you need to make people aware….

“The best protection is honesty…. In our case, no legal action was ever taken against the healthcare organization. No federal crimes, no state crimes, no class action. They did everything right and by the book. And yes, it cost them a little money at the end of the day. But they now have an increased security posture. They use OPSWAT. They have an organization now that is much more responsive to the end user requirements.…They didn’t go out of business; they took care of their clients—their patients—and they’re continuing to move forward.”

Paying the Investment Forward

In these troubling times, when cyberattacks continue to rise, leaving government sectors and private enterprises more vulnerable than ever, investing in technology today to protect your critical infrastructure from attacks tomorrow just makes sense. When weighed against the economic fallout that a government could face or the revenue loss that can occur if your company is attacked, taking steps to ensure your critical infrastructure is safe and secure is one of the smartest investments organizations can make.

Outbreak Prevention

Prevent advanced, sophisticated attacks and ensure your organization can handle false negatives through a variety of options.

Access Control

Enforce workflow processes that require authentication and restrict access and sharing of files, by job role and file type.

User Management

One unified view simplifies user classification and management.

Notifications

A variety of options, allowing you to configure and receive email notifications for different actions, give you complete visibility into the workflow for immediate response to potentially harmful actions.

Multi-Use Solution

MetaDefender Managed File Transfer integrates with MetaDefender Kiosk, eliminating wait times at the kiosk so that processing can occur in parallel to critical infrastructure access processing procedures.

Audit Trail

Maintain a record of all user actions (adding and deleting users, file upload, transfer, deletion, sharing, blocking, and purging) to fulfill requirements for corporate compliance.

Multiple Storage Options

Flexibility to store in multiple locations for maximum productivity - locally, somewhere on your network, on S3, or any S3 compatible storage. Store original files in a separate location from sanitized files. Limit access to originals for added security.

A Trusted Network List

Restrict access to trusted networks for additional security. Apply upload or download restrictions for users that log in using different IP addresses for additional security.

To see how OPSWAT’s innovative solutions can keep your critical infrastructure safe, talk to an expert today.
