Ransomware has held a steady spot in the limelight lately. We had the global WannaCry attack last month, and then the massive Petya campaign that hit this month. Between the two, ransomware has become a much greater concern for organizations and individuals around the world, as the attacks have shown that many entities are at risk. Aside from these massive attacks, individual ransomware incidents also continue to occur around the globe. In a recent one, the medical provider Atlantic Digestive Specialists (ADS) in New Hampshire was infected by ransomware.
According to a notice that the company sent to the New Hampshire attorney general’s office, the breach “may alter the security of personal information” for 94,195 residents of the state. Fortunately, ADS has said that it does not have any evidence that the residents’ personal information has actually been compromised, stating, “To date, ADS has no evidence of any actual or attempted misuse of information as a result of this incident.” The company discovered on Feb. 20 that some of its systems had been infected with the ransomware and addressed the issue within two days, but did not send notice to customers until June 21st. In its letter to the attorney general, ADS said that the investigation of the incident is still underway and that a third-party forensic investigator was involved to help determine the extent.
Addressing a Breach
When it comes to data breaches, notifying those affected is one of the most important factors. This is why it is so surprising that ADS waited 4 months before notifying its customers. Some organizations have done this in the past and used the excuse that they were working to discover the full details of the incident first, but it generally should not take four months for an organization to let people know that they were potentially affected. On the other side of the coin, ADS did get one thing right: providing further protection for those potentially affected. It is offering its patients one year of free credit monitoring through Equifax. If patients choose to take advantage of this, it can help to protect their finances because any suspicious activity can be immediately addressed. Data breaches are one of the largest difficulties that we face in our modern age of cyber technology, and it is vital that affected organizations properly remediate an incident to protect themselves and their public.
Addressing an Incident with Cyber Investigation Services
As mentioned above, ADS employed a forensics investigator to look into the incident, and this is often necessary for a breach. Many different factors need to be evaluated in the event of a cyber attack or breach, such as the immediate damage, vector of attack, affected information, and source. Many organizations neglect to trace the source of an attack, but this is important because it allows them to pursue further action against the perpetrator, such as taking legal measures. Oftentimes, an organization does not have the resources to conduct an investigation itself, which is why it will bring in third-party experts. This is a smart move, as it is important that an investigation is thorough. A poorly done investigation can miss many parts of the situation. Massive Alliance offers cyber investigation services that can review and discover all sides of an attack or breach.