Human error accounts for a lot of cybersecurity incidents. In a recent case involving a Kansas-based medical transcription services company, it was a misconfiguration of a server by employees that caused the information of more than 2,300 physicians and other providers to be exposed and up for grabs for anyone wanting to take a peek.
The company, MEDantex, reportedly rebuilt a server after a previous ransomware attack and did not properly secure it afterward. The exposed data was brought to the company’s attention by Brian Krebs (who gave credit to an India-based cybersecurity company, Banbreach, for originally finding it). The server was immediately taken offline, but not before it had been left unsecured for at least a few weeks. Not only could the data be viewed, but it was also open for searching, downloading, adding, and deleting information. The information exposed appears to be mostly recent, but some files dated back to 2007.
Other researchers found that MEDantex appears to have been affected by the WhiteRose ransomware. This ransomware came on the scene not long ago and encrypts data until a ransom is paid. Fortunately, it seems to have a flaw that makes it decryptable without paying the ransom. Unfortunately, it isn’t known how it infects systems in the first place.
An important reminder can be found in all of this though. If you are moving data, rebuilding, or even updating servers, make sure they are secured before putting them back online. This is an error that really didn’t have to happen. Sometimes, it’s as easy as making a checklist and ensuring all steps were taken to make sure the information is safe.
There are ways to avoid paying ransoms too, should ransomware strike your organization. Keeping frequent and current backups of all important data is the best way. Then, if something does get encrypted or corrupted, it can be restored from one of those backup files. In addition, keeping anti-malware software on all systems and keeping it updated is another great way to help lower risk.
And as always, continual awareness training for anyone and everyone who connects to the network is a key factor in avoiding attacks that come via phishing. In many, if not most, cases, this is how these attacks succeed. No matter how much software or how many other tools are put in place on your network, you cannot eliminate the human factor and our susceptibility to social engineering when it comes to phishing. So, make sure everyone knows how to spot it and what to do if they suspect they fell for it.