The Client:
(Omitted for Privacy)
The Challenge/The Client:
A private local medical office was hit with a ransomware attack resulting in over a week and a half of downtime and devastating financial impact. Within the last 5 years alone, over 4,000 ransomware attacks have happened daily in the U.S. (Justice.gov journal)
An employee unknowingly clicked a harmful link that came through a phishing email. In an instant, their practice completely lost control of their systems, patient information, and sense of security. Imagine being that employee and the fear you must feel the moment you realize your whole organization and all the information within is now at risk.
Ransomware connects itself through one computer to the entire network by seeking out all other devices on the network, infecting every single one to which it is connected. This caused their entire network system, workstations, and devices to be completely locked up and without access.
The Impact:
Their office was down for 7-10 days. They had to close their doors, turn patients away, and completely start from scratch with their infrastructure. Besides the financial impact of creating and implementing a recovery plan (including support hours, equipment cost, etc.), the cost of having to explain to your patients that there’s been a breach and their personal health information is at risk is immeasurable.
There was also the additional cost of purchasing new computers to remain operational during the rebuilding phase.
Solution:
Merit Technologies not only created a recovery plan for this practice, but also a proactive plan to ensure they’re fully protected against any future attacks. This solution included the restructuring of their infrastructure through On-Cloud Hosting, SOC Services, and Security Awareness Training as well as implementing a compliance solution allowing them to receive a third-party validated HIPAA Seal of Compliance.
Using automation and human processing, Merit Technologies now has full time eyes on their network, monitoring traffic in and out. With Security Awareness Training, the practice is now able to see which employees are most vulnerable. They can train their employees on what to look for and how to spot malicious, deceptive attacks, reducing their overall threat, because at the end of the day, the end user is most susceptible.
Results:
Fortunately, this practice recovered from the ransomware attack without paying the ransom demanded by their attacker. They were able to lean on the team at Merit Technologies to completely rebuild their infrastructure and move towards a proactive solution. Their network is now monitored 24/7 to stop threats before they hit their computers. Their infrastructure has multiple layers of security giving them complete peace of mind that their data and PHI are properly protected allowing them to fully protect their patients.
