Minimizing the Effects of a Breach: ABCD Pediatrics

Minimizing the Effects of a Breach: ABCD Pediatrics

Oftentimes, a prominent cyber-attack leaves us wondering why the targeted organization didn’t do more to protect themselves. And sometimes this is a correct response, like in the case of the infamous Yahoo breaches, where so many things could have been done differently to prevent the massive fallout that company has experienced as a result of these attacks.

Of course, this isn’t the case with all breaches. An organization can take every appropriate step to protect themselves, yet still be a victim. This doesn’t mean that these efforts were a failure; in a world with rapidly increasing numbers of malware and daily cyber-attacks, managing to ward off any portion of an attack is a win.

ABCD Pediatrics, a Texas-based practice, recently lived through this scenario. In a recently released statement, the organization detailed how they suffered a data breach that could have been a lot worse if it wasn’t for the safeguards they had in place.

Here’s what the happened as a result of the data breach and how they ultimately thwarted the attack.

Limited Breach

In ABCD’s statement, they detailed that on the morning of February 6, 2017, a virus was able to gain access and begin encrypting the organization’s servers. Luckily, an employee caught this, and after contacting the organization’s IT provider, the attacker was identified as “Dharma Ransomware.”

According to PC World, this ransomware first made itself visible in November and is modeled after an older form of ransomware known as Crysis. Dharma encrypts an organization’s files, with the files affected by the malware ending in “.[email_address].dharma.” The email address field is where the attacker leaves their contact information to negotiate a ransom.

The IT company informed ABCD that oftentimes these forms of ransomware do not remove data from the server; instead they encrypt and wait for payment. After taking ABCD’s servers and computers offline, the IT company was able to remove this ransomware and restore their network to working order.

Though the organization did not directly receive any ransom request, and though they did not suffer the loss or destruction of confidential patient information, the statement does note that “it could not rule out the possibility that confidential information may have been viewed and possibly was acquired.”

ABCD then contacted the FBI and Department of Health and Human Services for further investigation into this attack.

Illustrating Preparation

This story illustrates just how far proper cybersecurity management can go to minimizing the fallout from an attack. While in an ideal world, catching every attack before they can cause irreparable damage to your organization would be ideal, sometimes, despite our best efforts, this just isn’t possible.

In their statement, ABCD notes that they had, “a variety of security measures in place before this incident, including network filtering and security monitoring, intrusion detection systems, firewalls, antivirus software, and password protection.” After the incident, the organization promised they will take further steps to shore up the vulnerabilities that allowed this attacker to gain access in the first place.

All in all, in the world of data breaches this attack and subsequent defense qualifies as a success. The damage was contained and it appears no confidential patient information was lost. While suffering a breach is never ideal, the speed and certainty with which ABCD was able to respond and remediate is commendable. This is powerful, and as ABCD moves forward, they would be wise to inform their patients of the steps they’ve taken.

If you find yourself wondering what you can do to protect your organization from similar attacks, ransomware detection services – like our Threat Radar – can catch malware attempting to invade your network in real-time. This way, you can immediately begin the steps toward removing the ransomware and keeping your organization’s information safe.

Posted in BAI Security Blog and tagged , , .