BUSINESS
continued from page 29
the perpetrators – locked out of the system, and immediately began remediating the issue.”

GCS found Urology Austin services going offline because of encryption, and their monitoring software began raising the red flags. GCS employs a multi-tiered approach to security, with no fewer than six or eight products employed at all times to monitor traffic and data usage.

“What took it from existential to only catastrophic,” says GCS Technologies President Joe Gleinser, “was an image-based backup solution.” Image-based backup is a process for a computer or virtual machine to create a comprehensive copy of its operating system and all the data associated with it, including the system state and application configurations. It’s all saved as a single file that is called an image.

This is far more extensive — and utilizes more resources — than typical file backups, where each file (which could include the poisonous malware) is incrementally uploaded to the reserve copy. Urology Austin does a weekly image and relies on daily incremental backups, so they’re never more than six days away from a stable reset point.

“At the end of the day, we were able to recover fully and the practice was seeing patients more quickly,” says the GCS president.

Closer to home, a similar story unfolded when an employee of ABCD Pediatrics discovered that a virus gained access and began encrypting ABCD’s servers. The encryption process was slowed significantly by recently updated antivirus software.

Upon discovery, ABCD immediately contacted its IT Company, and servers and computers were promptly moved offline and analyzed. ABCD’s IT Company identified the virus as “Dharma Ransomware,” a variant of an older ransomware virus called “CriSiS.” These virus strains typically do not exfiltrate (“remove”) data from the server; however, it could not be ruled out. Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered suggesting that hackers may have accessed portions of ABCD’s network.

ABCD’s IT Company successfully removed the virus and all corrupt data from its servers. Secure backup data stored separately from ABCD’s servers and computers (“off-site backups”) were uncompromised by this incident. As a result, no confidential information was lost or destroyed, including protected health information.

Nor did the attack mature to the point of ABCD receiving ransom demands or other communications from unknown persons. Concerned that interlopers may have been on the server for a limited period, ABCD Pediatrics advised more than 55-thousand patients of the incident, per HIPAA regulations. Urology Austin sent 279-thousand letters advisory level (see sidebar, “The Law.”). Between the costs for advisories and client credit protection where, it’s critical to have cyber incident insurance, both companies advised.

And the breach is only the opening refrain of what can be a long sad song: “Once a breach is identified by the Department of Health and Human Services, the Office for Civil Rights gets interested,” says Clifford Robertson, JD. Speaking recently to the Bexar County Medical Society, he detailed the process by which any breach is likely to open the practice to a complete HIPAA compliance audit.
30 San Antonio Medicine • October 2017