Password security and Multi-Factor Authentication are two of the best lines of defense for users to protect themselves against bad actors. After a weak default password without Multi-Factor Authentication allowed a hacker to gain access to the company’s network, a large healthcare provider’s data was encrypted and inaccessible; which halted their operations for nearly twenty-four hours across multiple locations. Ransomware was discovered by the Thrive team on upwards of twenty of the company’s servers.
Thrive’s Cybersecurity Forensic Analysts took quick action to source the bad actor and work towards remediation. Utilizing best-of-breed tools, they were able to identify the IP addresses in which the attack was originating from and effectively block them from the network. Simultaneously, the Thrive team was able to configure restoration on the servers and perform back up measures. Within twenty-four hours of the original incident the first server was restored, and the remaining were all operational within four days.
The immediate results of the remediation of the servers were that the healthcare provider became operational once again and able to serve their patients. After the event was resolved the organization enlisted Thrive to perform a Security Health Assessment across their environment. Thrive’s cybersecurity team was able to identify vulnerable target areas in the company’s infrastructure and architect customized solutions. All of these being actionable items, the organization has been able to further leverage Thrive’s services to strengthen their security framework to prevent future incidents.