Virtual Care Provider Inc. (VCPI) a Milwaukee-based company that provides technology services to more than 100 nursing homes across the country has been hit by Russian hackers who are still holding data from the nursing homes hostage.
A Terrible $14MM Miscalculation
As we have reported many times on this blog through the years, government and healthcare organizations are top targets for hackers who believe that these organizations live in a “must pay” world. The problem with this particular attack is that VCPI was perceived by the Russian hackers as being much larger and financially stout than it actually is. As it turns out, there is no way that they can pay the $14MM ransom, even if they wanted to. This obviously is a problem for the hackers and the nursing homes alike.
Do As I Say Not as I Do
In a display of irony that would make O’Henry proud VCPI, which provides internet security and data storage services to nursing homes and acute-care facilities, has a blog post on its site that provides guidance as to how not to fall victim to email phishing attacks! The very same type of attack that led to the ransomware attack!
It’s Not Too Late Till It’s Too Late
According to information shared with Krebsonsecurity.com, by security expert Alex Holden the attack took place over a period of 14 months and up until the final 3 days the catastrophe could have been avoided.
“While it is clear that the initial breach occurred 14 months ago, the escalation of the compromise didn’t start until around November 15th of this year,” Holden said. “When we looked at this in retrospect, during these three days the cybercriminals slowly compromised the entire network, disabling antivirus, running customized scripts, and deploying ransomware. They didn’t even succeed at first, but they kept trying.” –Alex Holden
Prevention, Detection and Response
At Konsultek we create customized security solutions that utilize the most advanced prevention, detection and response technologies available. This holistic approach to security can help your organization stay ahead of cybercriminals and hackers who manage to penetrate your system defenses through social engineering means such as the phishing emails that compromised VCPI. Want to learn more? Give us a call and let’s discuss your specific situation and how we might be of service.