The organization’s leadership was familiar with Withum from the current services the firm was already providing. Therefore, they were confident that Withum’s Cyber and Information Security Services Group (“Withum Team”) would provide the level of service and expertise required.
The hospital faced two challenges prior to bringing on Withum to fill the vCISO role:
Taking on the vCISO role, Withum’s Team was able to assess the security infrastructure, identify control gaps, and shift the perspective of what is truly necessary to protect an organization of this size that stores so much patient PII (Personally Identifiable Information).
During the IT infrastructure assessment, Withum’s Team completed a series of standard tests, which resulted in the detection of a phishing attack launched during the pandemic’s height. This cyberattack hit when the healthcare system was most vulnerable – hospital resources were limited, tension was high, and patient care was of the highest priority.
Results from penetration testing, threat emulation, and cyber forensics revealed an incident response was imperative to protect the hospital system’s livelihood and the patients it served.
Healthcare systems are proven to be prime targets of cyber threats. Denial of access to time-sensitive patient data, hacked lifesaving medical equipment are possible results of a cyber kinetic attack, which causes direct and indirect physical injury and loss of life. As the average cost of a typical cyber breach hovers near $8.9M, the potential loss for the healthcare system during this time would have been astronomical, both financially and reputationally, through potential class-action lawsuits, regulatory violations and sanctions for loss of life.
Withum addressed each red flag within the organization’s IT and IT security framework due to the extensive background and experience of the Cyber and Information Security Services Group. To best solve the needs of the healthcare system, Withum’s Team divided the incident into four project phases:
The Withum Team performed a cyber forensic investigation. The cyber forensic specialist was able to trace and link the phishing email to its origin, a country in the Middle East, an area known to engage in cyberattacks against U.S. critical infrastructure, including healthcare. The email entered the hospital’s IT system through a trusted source, a third-party vendor the organization uses to fulfill nursing staffing needs. Withum’s cyber specialists identified that the attackers were attempting to expand the initial point of compromise surreptitiously and aggressively into other hospital accounts and systems. The attackers knew they could utilize the nursing supplier’s relationship with the hospital, the hospitals own systems and networks, and the distractions of a pandemic crisis against the healthcare provider.
Next, Withum’s Cyber and Information Security Services Group isolated the incident and compartmentalized the onset of intrusion. Withum’s Team identified the hospital’s legal counsel and law enforcement agencies as appropriate to ensure proper reporting, responses and actions took place.
To properly understand the extent of vulnerability within the healthcare network, Withum performed an in-depth penetration test which included safely mimicking external hackers in an attempt to compromise the hospitals networks and systems. The Withum security testing revealed severe areas of weakness within the hospital’s infrastructure. Withum’s Team was able to take complete control of the IT environment, undetected, within a few hours. It’s important to consider that hackers with an intent to cause harm, with the same level of control gained by the Withum team, could have severely impacted the hospital’s patient care.
The cyber team deployed two Withum AIR4DroidsTM computer devices to deliver real-time protection to the healthcare system in the future. Withum’s AIR4DroidTM devices provide intelligent identification, scanning, probing and mapping of an organization’s network(s) devices and vulnerabilities.
The healthcare organization now receives real-time active and passive cybersecurity monitoring, alerts, auditing, incident response, cyber forensics and reporting to a secure, personalized account through Withum’s 24/7/365 Security Operations Center.
Withum’s Cyber and Information Security Services Group also identified areas of vulnerability and improvement for the third-party nursing staffing company, which resulted in strengthened IT processes and procedures for sharing information between companies.
Withum’s Team was able to create more value for the hospital and healthcare network as it moved forward in the merger process with a neighboring health system. Its IT infrastructure now creates greater confidence in the security of future patients’ PII.