Urology Austin, a healthcare provider with 13 locations in central Texas, was the target of a cyber attack on January, 22 2017. It appears that the attackers were able to encrypt data on the company servers in an attempt to charge ransom through a ransomware attack. It was not clear whether the hackers were able to actually access any of the data that they encrypted. However, notification was sent to 200,000 patients as a precaution.
The attack was detected within minutes and the company immediately shut down their systems. According to Urology Austin, they were able to restore data from back ups and it was not necessary to pay a ransom. It is believed that the attackers were able to gain access to the company systems and encrypt the company data by an employee responding to a bogus email.
Urology Austin’s quick actions indicate that they have an incident response plan in place with trained personnel ready to respond. Having cyber security policies in place with a good incident response plan is the best defense to minimize exposure beforehand and reduce the damage afterward. The only way to defend against a malicious email is by training employees not to click on the wrong link or respond to the wrong inquiry. This is achieved through diligent training and constant awareness so that your employees know what to look for and when their alert senses should perk up.
No one is immune to malicious emails. It is believed that a similar bogus email tactic was used against the DNC to more effective results. No organization, large or small, is immune to this type of attack.
If you don’t have a cyber security policy and an incident response plan in place, now is a good time to do so. These two items are required by many compliance programs, including PCI, EI3PA, NIST and others. If you would like assistance establishing a cyber security policy and incident response plan, or to get up and running quickly with an employee awareness training program contact Aeris Secure. We can get you there with minimal hassle so the likelihood of your employee making a mistake is reduced and if one does your response can be as effective as Urology Austin.
If you have been a patient at Urology Austin and are concerned about whether your data was affected they have established a call center to answer any questions.