4 minute read
How Big is the Target on Your Data?
By: Gary Salman, Chief Executive Officer of Black Talon Security
In the spring of 2021, US-based Colonial Pipeline was the victim of a devastating ransomware attack. This attack was launched against our infrastructure by a group based in Russia (named “Dark Side”) forcing Colonial to shut down over 5,500 miles of pipeline in the US. Two days prior to Colonial being hacked, Black Talon Security was called in to spearhead a breach response for an orthodontic group that had also been successfully targeted by Dark Side. Drawing the correlation between these two events is important -- it is critical for dental practice owners to understand who and what they are up against. The criminal enterprises that target entities like the US government, US military, US infrastructure, and more are often the same groups that are targeting you as business owners. There is no such thing as a happy ending following a ransomware attack; however, the Colonial event ended up being the catalyst for an international collaborative effort between government agencies that managed to track and crash the cryptocurrency accounts owned by Dark Side. Great fanfare was made about this collaborative effort, but the celebration didn’t last long. In January 2022, Black Talon received a call from a small, 6-location ortho/pediatric group, asking for assistance with a suspected ransomware event that had just been discovered in all 6 of their locations (Note: they were not an existing Black Talon client). It didn’t take long for our forensic investigators to recognize the fingerprints of another Dark Side attack. How could this have happened if Dark Side had been shut down and “on the run”? As it turned out, in the 6 months that they went “silent” they simply rebranded themselves as a new group called Black Cat and released an even more dangerous and sophisticated attack. The ransom demand for this new attack was much higher than what Dark Side historically demanded. It seems that their plan is to recoup every dollar that they lost after investigative agencies successfully tracked and wiped their crypto accounts. Prior to the release of Black Cat, a typical ransom demand for a 6-location practice would have been in the $200,000 - $600,000 range. We were shocked to discover that Black Cat was demanding $2.4 million to release the decryption key in order for this practice to recover their data. The ransom demand was only a portion of the cost of this attack. All 6 locations had to rebuild/replace their office networks and all 6 had to lock their doors for 10 business days. You may be asking yourselves questions like, “Didn’t they have backups? Didn’t they have firewalls and anti-virus software running?” The answer is yes to both questions. They had redundancy in place with their backup solution and every location had a firewall and anti-virus software running. They also worked with a large and reputable IT provider. Black Talon Security has been involved in a high number of breach response cases in the dental industry and, in almost every case, the targeted practices had firewalls, anti-virus software, and worked with an IT provider. Anti-virus software has been a powerful and effective tool for decades, but it is not designed to fend off a modern-day ransomware attack. Firewalls are still very important and necessary, but only if they are configured properly and NO vulnerabilities exist. Great IT providers or Managed Service Providers (MSPs) are worth their weight in gold, but they are not cybersecurity specialists. Advanced cybersecurity is not their area of responsibility.
Advertisement
How Do Dental Practices Better Protect Themselves Going Forward?
Continued threats and debilitating new attacks require more sophisticated preventative measures. One new and powerful change that an organization can make is to consider upgrading its anti-virus solution to Endpoint Detection and Response (EDR). There are multiple options available on the market. An even better solution would be upgrading to Extended Detection and Response (XDR). It won’t be long before insurance companies will require that this new technology is installed on a network before determining the insurability of a new or existing client. It is more important than ever before to engage with a dedicated cybersecurity company. Any company that you engage in should have credentialed, board-certified security experts on staff. A vCISO or CISSP has years of training and experience in the cybersecurity field, and credentialing only happens after a rigorous board-certification process is completed. Most of the hacking groups that exist today, and who are targeting dental practices, have people on their staff who have achieved this level of knowledge. Not relying on specialists is like “bringing a knife to a gunfight.” Even if you have an IT provider who insists that they have you protected, it never hurts to test your systems and the processes that you currently have in place.
ABOUT THE AUTHOR:
Gary Salman is Chief Executive Officer of Black Talon Security. He has over 30 years of experience in software development and computer IT in the dental industry. As a leader in cybersecurity, the company offers a complete suite of compliance and cybersecurity solutions that are custom engineered for your practice. To learn more about Black Talon Security and the company’s services, visit their website at www. blacktalonsecurity.com. Gary can be reached at (800) 683-3797 or via email at gary@ blacktalonsecurity.com.
BlackTalon is an ODA Rewards Partner, focused on helping small and medium business with securing their data and infrastructure from Cyberattacks. Contact us at 800-683-3797 or visit us at www.blacktalonsecurity.com
