The Professional Finance Company Inc. (PFC) has suffered from a ransomware attack that has led to a data breach affecting over 600 healthcare organizations. The firm is an accounts receivable management company and the cybersecurity incident has impacted upon 657 of its healthcare provider clients.
According to a notice on its website, PFC “detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems.”
Looking into this cyber-incident for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Chenette places the attack in the context of a period of sustained cyber-criminal activity, noting: “It has been an alarming week for cybersecurity in the healthcare sector. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA) on Maui ransomware, which has been used by North Korean state-sponsored cyber to target Healthcare and Public Health (HPH) Sector organizations over the last year.”
Within the attack [pattern, one type of sector appears to be hit the most, as Chenette outlines: “The healthcare industry is one of the largest targets for cybercriminals, and since the onset of the COVID-19 pandemic, we’ve seen threat actors leverage this global crisis to target healthcare organizations — stealing this protected health information and creating general unrest.”
One reason for hackers targeting healthcare is due to the rich stream of valuable information that can be drawn from the sector.
Here Chenette opines: “Any organization that collects and stores consumer data must make protecting that data a priority, but it is especially crucial when dealing with protected health information, which is extremely profitable on dark web marketplaces because it usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come.”
The same applies to the financial sector, as Chenette states: “This Professional Finance Company Inc alert serves as the latest reminder that organizations simply don’t exercise their defenses enough, and healthcare organizations in particular should be evaluating their existing security controls to uncover gaps before an attacker finds them.”
Current trends emphasize the ongoing vulnerabilities: “We continue to see basic security protection failures resulting in data loss for companies both large and small. This trend is disturbing as the cost of recovering from a breach is far more expensive than conducting proactive testing to validate that the security products and services, which you have already purchased and implemented, are working correctly. Consequently, these types of failures can often be easily avoided.”
In terms of mitigation, Chenette outlines: “To best defend against Quantum ransomware attacks, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, organizations can build more resilient security detection, prevention and response programs mapped specifically to those known behaviors.”
Chenette further recommend: “Organizations that manage sensitive health information must adopt a threat-informed cyber-defense strategy tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information. This should include mapping their security controls to specific attack scenarios to measure an organization’s cybersecurity readiness for the attacks that are sure to come. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”
