What the SolarWinds breach means to you
In the event you haven’t heard, what is arguably the largest cyber breach in US history was announced last weekend, and the fallout continues. Here is what we can share and how it impacts you.
There are critical lessons here for all of us. Let’s take a look at them.
First, breaches are going to happen. Until we can eliminate human error, they’re inevitable. That said, catching the intrusion, stopping it before it fully executes, is possible. Accomplishing this requires companies large and small to increase their investment in security and deploy these next-generation tools.
Second, one of the greatest challenges we have is the implementation of effective risk management. Specifically, system log files need to be monitored on a consistent basis. For HIPAA compliance, it’s a requirement that you monitor your network logs and that you record you are doing so. Unless you have specifically asked your IT company to do this, it’s not being done. Unless you are doing it in your own software, it’s not being done. Breaches like this go undetected for months because people aren’t reviewing the necessary log files. Firewall logs, server logs, EHR logs, are just a few examples. That’s part of the problem, there are many log files to monitor, and most aren’t user friendly.
The third lesson we have learned is an ominous one. Due in large part to the level of sophistication of this attack, the recommended remedy is to scrape the drives clean and rebuild entire networks. Consider having to do that in your company. Format every hard drive, reset every network device, reinstall everything from scratch, and re-create your network. That’s exactly what the cybersecurity experts in our intelligence community are recommending, and it’s a monumental undertaking.
Make no mistake, this attack has done untold damage to our national security, and it may be years before we understand the full extent of the devastation. Equally important is the recognition that recovering from attacks that are this sophisticated and this prolonged, increases the recovery costs dramatically.
If you want to learn more about how you can protect yourself against the new wave of attacks, give us a call.
We’ll be back with our next reminder in January. We can’t wait to close the books on 2020!
Happy Holidays and thank you all for your support. May you all have health and happiness to start in 2021.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.