Kalispell Regional Healthcare Provides Notification of Data Security Event

Despite being named in the top quartile for data security readiness by a third party firm, Kalispell Regional Healthcare (KRH) was recently a victim of a highly sophisticated attack on our information technology systems. Safeguarding our patients and their personal information is a top priority, and we want our community to be aware of what happened and how we have addressed it.

This summer we discovered that several employees were victims of a well-designed email that led them to unknowingly provide their KRH login credentials to malicious criminals. We immediately disabled the employees’ accounts, notified federal law enforcement, and launched an investigation, which was performed by a nationally recognized digital forensics firm, to determine whether any personal information was affected. On August 28, 2019, we learned that some patients’ personal information may have been accessed without authorization. A deeper investigation specifically determined which patients’ information may have been accessed as early as May 24, 2019.

Different information may have been involved for each person. The information may have involved a patient’s name, Social Security number, address, medical record number, date of birth, telephone number, email address, medical history and treatment information, date of service, treating/referring physician, medical bill account number and/or health insurance information.

Although there is no indication that the information was misused, we have mailed notification letters to potentially-impacted patients to make them aware of the event and the steps they can take to protect their information. All notified patients are being offered complimentary fraud consultation and identity theft restoration services. In addition, the notification letters may also offer affected individuals 12 months of web and/or credit monitoring services at no charge, depending on what information was involved for that individual. In addition, we have taken further steps to revise procedures that will minimize the risk of a similar event from happening again.

Carrying any activity smoothly has become possible in today’s digital world. The network cabling installation is certainly responsible for it. There are many companies that rely on cabling services to increase their competency while improving the task of activating their daily routine. Linking with the exterior infrastructure is easy for the firms, and it had become possible because of the cabling service providers.

Fortunately, the cabling services through network cabling companies have come up as a boon for any organization. Now, computer, Internet, printer, other hardware devices can be connected to one another in any organization.

Why you hire network cabling services

Accept it or not, a good network cabling system is essential to run your business in a smooth manner. Since there are a lot of cabling service providers available in the marketplace, the task of building a network cabling structure is no longer tricky.

In today’s time, there are a lot of companies that specialize in cabling installation services. Therefore, you have a long list of services offered by the reputed cabling service providers now. Read on to learn more about their services.

1. Cabling service

Cabling service makes it easy to reduce cost, save time and improve the overall productivity of a company while speeding up the data transfer. Now, organizing and maintaining a procedure in an organization has become somewhat convenient.

2. Carrier service

It may not be easy to look at your Internet, telephone, cable company bills, contract, and services. This will not only consume your time but also bring a lot of confusion. Now, you can hire a cabling service provider to the job for you. The service provider brings an appropriate solution for your cable service needs.

3. Managed service

Optimizing the IT environment and monitoring or preparing for an emergency issue that requires immediate attention is now possible with managed service of cabling service providers. Their technicians will assist you with IT tasks and fix the errors that may cause you major harm. Now, dealing with day-to-day operations is no longer difficult for you.

4. Professional service

To run your business in a smooth manner and implementation of services in a smooth manner, you might need to hire a professional. The communication, network, security and maintenance service for your organization would be necessary. Instead of getting confused and being stuck in an unwanted situation, you should go for cabling service providers that offer professional services to operate your business in a convenient manner.

Planning is indeed an important step to take when you want to run a venture successfully. Efficient methods to ensure smooth operations would be necessary to avoid significant harms in the future. To make sure all the issues related to IT services are addressed, you can rely on cabling services providers without any doubt.

It is true that no one likes to face major harm when it comes to network cabling installation. In fact, maximizing the overall profit can be easy if you go for a reputed cabling service provider. But, before you hire one, be sure to look for the services they provide should meet your needs and goals.

Recover Your Data with StorageCraft OneXafe Continuous Immutable Snapshots

Ransomware threats continue to evolve and infect businesses, government, power companies, education and even hospitals. In 2018, an estimated $8 Billion in ransom was paid to anonymous attackers. The statistics are shocking, ransomware attacks on businesses are up 365% from Q2 2018 to Q2 20192. They are becoming more targeted, sophisticated, and successful at penetration. Unfortunately, many ransomware attacks continue to infiltrate despite the use of state-of-the-art prevention methods. In fact, 77% of organizations infected with ransomware were running up-to-date endpoint protection.

Ransomware can encrypt your files making it impossible to use them. The malware may lay dormant for weeks and may even delete your backups prior to the attack leaving you without a way to recover and forcing you to pay or lose your data.

StorageCraft OneXafe Continuous Immutable Snapshots to the Rescue

StorageCraft OneXafe storage protects your data with continuous immutable snapshots, every 90 seconds, so you’ll never have to worry again. An immutable snapshot is a copy of your data that simply cannot be overwritten or deleted by ransomware or users, because OneXafe and its patented distributed object store prevent that from happening. You can recover anytime, every time, making OneXafe the most effective protection in the market. Furthermore, OneXafe performs powerful inline deduplication on the continuous snapshots, reducing the data footprint.

Storage vendors claim their snapshots are immutable because it is simply read-only and cannot be changed. However this doesn’t protect the snapshot from being deleted or the snapshot volume from filling up. If your snapshots can be deleted and/or modified, are they truly immutable?

Enterprise Systems Corporation has the expertise to implement the StorageCraft OneXafe solution so you never have to worry again about ransomware.  Contact us today for more information.

Stolen passwords offer the fastest path into your network

Insecure password practices are exploited in 81% of cyber attacks worldwide, and 61% of all attacks target businesses with less than 1,000 employees.¹ While employee education and training can help, what’s most needed to reverse this trend is for authentication to require additional proof of identity beyond simple username and password, and to be widely deployed by all companies – no matter their size. Only then, will cyber criminals no longer be able to use stolen credentials to access and infect systems or steal data.

Are employees undermining company security with shared passwords?

Most employees are not intentionally trying to compromise company security; however you should ask yourself what password practices they now use to cope with the proliferation of online accounts requiring them. According to an often-quoted study by Microsoft Research, “The average user has 6.5 passwords, each of which is shared across 3.9 different sites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords per day.”

A 2015 Dashlane survey revealed that each person had over 90 online accounts, and had to reset their password using a “forgot password” link for 37 of those accounts in the prior year. Companies that require frequent resetting of passwords make it even harder for users to craft strong passwords and then later recall them. In this environment, it’s understandable that users have simplified their passwords – creating ones that can be serialized – and limiting them to a few that are used across multiple accounts.

¹ Verizon’s 2017 Data Breach Investigations Report

This trend is evident when viewing the list
of worst passwords used:

For businesses, as employees use simpler and weaker passwords – this puts networked resources at a greater risk for breach. Even worse, when an employee’s credentials are stolen from other sites and the credentials happen to contain the same password that gives them entry to your privileged networks, then the hackers can walk right in the front door masquerading as the user…and you are none the wiser.

We’ve reached the limit of the protection that solely password-based access to systems can provide. What’s needed are additional measures to ensure the identity of the user…which is what multi-factor authentication (MFA) provides.

How are hackers stealing credentials?

Given that usernames and passwords are often the only hurdle to accessing systems that yield financial rewards, hackers have taken a keen interest in lifting them when they can. Some common ways to compromise this information include:

• Phishing/Spear-Phishing: Criminals use email to try to get users to enter credentials into web pages or forms. It will look convincingly like an email from a person or business that the user has a relationship with, and sometimes will be very targeted at a specific individual (spear-fishing) who is perceived to have a great deal of privileged system access.
• Brute Force: With simpler passwords coming back into use, criminals will try common passwords until they find one that works. They’ve even written automated scripts that circumvent simple protections such as a limit on the number of authentication attempts within a certain time window. Remember, for businesses without MFA, they just need any single username/password combination to work.
• Wi-Fi Evil Twin: Using an easy-to-find $99 device, criminals can sit in a crowded area and pretend to be a legitimate Wi-Fi hotspot. When people connect, then the criminal is effectively a MitM (man-in-the-middle), observing network traffic and even the keystrokes of a user while connected. Studies have shown that people regularly check bank accounts, shop online, and yes, even access company networks, while on public Wi-Fi.

Once they have valid credentials, they will use them to access systems and steal data, consume resources with botnets, install ransomware, and even steal more credentials that might unlock other networks and personal data.

Article Credit

Three school districts have been hit by ransomware in North Louisiana this week.

Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multple school districts.

The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes — Sabine, Morehouse, and Ouachita.

IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting.

This is the second time that a state governor has activated a state emergency due to ransomware or any form of cyber-attack. The first time was in Colorado in February 2018, when the Colorado Department of Transportation was forced to shut down operations because of an infection with the SamSam ransomware. However, that state emergency activated additional state resources to help with traffic, road management, and transportation, and not with deploying cyber-security experts to help victims, like in Louisiana’s case.

By signing the Emergency Declaration, the Louisiana governor is making available state resources to impacted schools.

This includes assistance from cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services, the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), and others.

State officials hope that additional IT expertise will speed up the recovery process so schools can resume their activity and preparations for the upcoming school year.

Gov. Edwards was able to roll out a coordinated response for the ransomware infections at schools in the North Louisiana because he previously established a Cybersecurity Commission to assemble and coordinate response teams in the event of a cyber-attack.

He created this commission in December 2017, in the year when three ransomware outbreaks — namely WannaCry, NotPetya, and Bad Rabbit — had caused havoc across the globe, including in Louisiana.

“This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat,” Gov. Edwards said.

The state of emergency will remain in place until August 21, or until the recovery process at impacted school districts wraps up.

Gulf Coast neighbor Florida could have used a state of emergency declaration last month, as well, after three municipalities were hit by ransomware — Riviera Beach (paid $600,000); Lake City (paid $500,000); and Key Biscayne (recovered from backups).

In recent months, US cities have been a prime target for ransomware gangs. Earlier today, some residents of Johannesburg, South Africa’s biggest city and financial capital, have been left without electricity after a ransomware infection.

Article Credit

More than 500 patient medical records and other sensitive information were exposed in potential data breaches at Summa Health in August and March.

Summa Health announced Friday that it was sending letters to patients who were potentially affected by what the Akron-based health system called an “email phishing incident” that targeted Summa employees.

Email phishing is a term that describes when a person clicks on an email that looks legitimate and asks the person to input sensitive information. The email phishing could be the way a data breach occurs.

Summa said after its investigation, experts were unable to determine whether information such as medical records, treatment information, dates of birth and for a small subset of patients, Social Security and driver’s license numbers, contained in employee emails were viewed by the unauthorized people.

Summa said it was mailing letters to affected patients starting Friday, establishing a dedicated call center and offering free credit monitoring and protection services. It could take several weeks for the letters to arrive, spokesman Jim Gosky said.

Gosky said the number of affected patients is more than 500.

Summa learned May 1 that “an unauthorized person gained access to a limited number of employee email accounts that contained patient information,” according to a news release from the health system. Two accounts were accessed in August and two other accounts were accessed between March 11 and March 29.

Summa said it made sure the accounts were secured and began an investigation, including hiring a computer forensic firm. “The investigation was unable to determine whether the unauthorized individual actually viewed any email or attachment in the accounts,” Summa said.

Officials said “out of an abundance of caution, Summa Health thoroughly reviewed every email and attachment in the accounts to identify patients whose information may have been accessible to the unauthorized person. Patient information was identified in the accounts, including patient names, dates of birth, medical record or patient account numbers, and clinical and/or treatment information. For a small subset of patients, health insurance information, Social Security numbers, and/or driver’s license numbers were also found in the accounts.”

Summa said it was recommending patients review the statements they receive from their health care providers and health insurers. If there are unrecognizable services, contact the provider or insurer immediately. For eligible patients whose Social Security number or driver’s license number was found in the email accounts, Summa Health is offering complimentary credit monitoring and identity protection services. The details will be in the letter.

“Summa Health remains committed to protecting the confidentiality and security of its patients’ information. To help prevent something like this from happening in the future, Summa Health is reinforcing employee training on privacy and security and is instituting additional security measures throughout the health system,” the health system said.

Article Credit: Beacon Journal/Ohio.com

A small Florida city paid an extraordinary $600,000 in ransom this week to hackers who had locked up the city’s computer systems — highlighting an increasingly common dilemma for city leaders across the country. 

Cities have been hit with an increase in ransomware attacks in recent years since tight budgets have left them with outdated and hackable computer systems. But paying the ransoms to reverse the attack means putting money — taxpayer money — into the hands of nefarious hacking groups who probably will use it to target other victims.  

If they refuse to pay up, though, they could be saddled with an even bigger bill to get their cities back online. And they may have to deal with lasting consequences — like in Baltimore, where city leaders decided against paying the ransom and still hasn’t restored all its city services six weeks after a devastating attack. 

“When you pay the ransom, you’re making the bad guys better,” says Allan Liska, a threat intelligence analyst at cybersecurity firm Recorded Future. “But, from a strictly business perspective, sometimes you have to pay the ransom because the cost of not paying it is going to be much, much more.”

But cities, of course, are not just businesses – they have citizens who don’t want their tax dollars wasted and leaders who want to get re-elected. Given there are taxpayer costs to either choice, this is both a practical and moral question for city leaders. 

“It’s their constituents’ money and it’s taxpayer money, so that’s very different,” Liska tells me. 

Not to mention, there could also be career and electoral consequences for city officials who don’t stand up to bad guys. “No politician wants to go on record as having paid a ransom to a cybercriminal,” Liska said.

Already on Thursday, the payout had registered in Washington, where Sen. Marco Rubio (R-Fla.) said he’s working on ways the federal government can help.

A study from Recorded Future found that cities are actually slightly less likely to pay off ransomware hackers than other victims. Just 17 percent of the cities struck with ransomware in the study paid compared with about 45 percent of ransomware victims overall.

That figure could change, though, as city officials draw lessons from major ransomware attacks in cities that didn’t pay. In Baltimore, officials expect to pay about $18 million after refusing to pay a ransom demand of just about $70,000, and a 2018 attack in Atlanta cost the city about $2.6 million to recover from. 

In the case of Riviera Beach, Fla., the city suffered through three weeks during which city workers couldn’t access their email accounts and emergency dispatchers couldn’t log calls into computers, my colleague Rachel Siegel reported. Ultimately, the city council voted unanimously to pay the hackers 65 bitcoin, which amounts to about $592,000.

Price tags like that are bound to make city officials think twice about whether they can refuse a ransom demand, Joe Hall, chief technologist at the Center for Democracy and Technology, told me.

“You’d think the incentive would be to pay as little as possible,” he said.

Ransom payments and ransomware recovery costs are sometimes covered by insurance, but insurance rarely covers all the costs and a big payout will raise cities’ insurance rates. 

Another lesson cities are hopefully taking from the Baltimore, Atlanta and Riviera Beach examples, however, is that they should be better protecting their computer systems against hackers before the ransomware strikes, Tad McGalliard, director of research and policy at the International City/County Management Association, told me.

That includes installing basic protections such as guarding against phishing emails and requiring extra verification before people can access computer systems, he said. It also includes making sure that all the city’s vital records are backed up someplace offline where hackers can’t seize them and lock them up.

“We’re likely to see a continuing increase in ransomware attacks on local governments, but I hope we also see local governments taking note of this and doing everything in their power to bulk up their cyber defenses,” McGalliard said.

Article Credit: Washington Post

StorageCraft® OneXafe® is a converged data platform that unifies enterprise-class data protection with scale-out storage in an easy-to-use, configurable solution. For businesses looking to protect and manage their data in heterogeneous environments, OneXafe eliminates complexity and provides flexible deployment to accommodate various workload requirements. At the same time, it significantly reduces costs associated with primary and secondary storage as well as data protection software. By providing a converged solution, OneXafe removes the need for siloed point solutions and minimizes costs incurred from standalone hardware and software offerings. At the core of OneXafe is a patented distributed object-based file system that delivers universal data access by providing NFS and SMB access to users and applications. Data protection services are directly integrated into the distributed object store, delivering powerful backup and recovery, with a work flow optimized for simplified management. OneXafe tightly integrates with StorageCraft Cloud Services, with a single click it provides business continuity of data, network, and application recovery in StorageCraft’s Cloud. There are a number of configurable options available within OneXafe, from primary storage, to secondary storage, to enterprise-class data protection combined with secondary storage. It is seamlessly administered with OneSystem, our simple, intuitive, yet powerful management service. OneXafe enables ease of implementation for both powerful data protection and optimum scale-out storage.

Configuration:
OneXafe includes a multi-purpose storage appliance that can be configured based on your business needs.

– Converged Secondary: Enterprise-class data protection enabled and configured with secondary storage, reducing management complexity and operational costs.

– High Performance Storage: Scalable storage for high performance unstructured data and backup targets. Can be configured to serve primary storage for virtual workloads, unstructured data, or secondary storage with high performance needs.

– Capacity Storage: Scalable storage for large scale unstructured data and backup targets. Can be configured to serve as secondary storage for your backup needs.

In the case of disaster, OneXafe ensures business continuity with a complete, orchestrated virtual failover to the cloud in one click, when used with our Cloud Services. OneXafe’s tight integration with the cloud makes recovery of the entire infrastructure simple, quick, and seamless, while offering the highest service level agreements (SLAs) with one throat to choke.

Enterprise Systems Corporation is an industry partner of
StorageCraft® OneXafe® Solutions. Contact us today for more information.