Ascension Health Pwned Via A Malicious File Downloaded By An Employee

In an update on the recent Ascension Health care breach, officials say the breach was caused by an employee downloading “a malicious file.” 

“An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake.”

The breach caused Ascension’s EHR system to be taken offline, forcing staff to revert to manual, paper-based processes for recording patient information, ordering tests, and managing medications. Patient care was delayed for days.

In the Wednesday update, Ascension said that some services were still being impacted, more than a month after first detecting the breach on May 8th.

On an encouraging note, the provider said that the attackers were only able to steal data from seven of the approximately 25,000 servers in their network.

“At this point, we now have evidence that indicates that the attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks. These servers represent seven of the approximately 25,000 servers across our network.”

Brett Hansen, CGO, Cigent, had this to say:

   “It is naive to presume that people are not going to make mistakes and detection and response will prevent incidents. Employee education and EDR have long proven to be insufficient – organizations need to augment to include proactive protection of data with technologies including zero-trust access controls.”

Emily Phelps, Director, Cyware, follows with this:

   “Like with cybersecurity, in the healthcare industry, trust is everything. This increased transparency could stem the need and ability for healthcare entities to provide more transparency, more quickly. Regulatory requirements and the potential for severe penalties have undoubtedly played a role, but there is also a heightened awareness of the reputational damage that can arise from mishandled incidents.”

This is a prime example of why your defences need to be multi-layered. With multiple layers of defence, you are way less likely to be pwned by a threat actor. Without them, you get this exact result.
