In August, a hospital in France called Centre Hospitalier Sud Francilien (CHSF) had its data breached by hackers using LockBit ransomware. The cybercriminals demanded a ransom to unlock the hospital’s systems, threatening to release all of the information they had stolen if the hospital or French authorities didn’t pay the equivalent of $10 million.
However, because French law bans public institutions from paying ransoms, the hospital was unable to even make an attempt to pay the hackers. On Thursday, it was announced that because the Corbeil-Essonnes hospital near Paris refused to pay, the hackers have now dumped medical scans and lab analyses along with the national security numbers of patients.
Due to the attack, the CHSF was forced to shut down emergency services, restrict access to its systems, and even send many patients to other institutions in order to protect their privacy. At one point, officials said the only technology that was still working was the phone.
So what will happen with all of the patient data that was leaked? How will cybercriminals use the leaked data for phishing attacks and other fraud schemes? And, most importantly, how can you secure your data from these types of breaches? Let’s answer these questions and more.
What happens after a data breach?
Following the data breach, with all of the stolen patient data released into the wild, the hospital is now warning its staff and patients to watch closely in the coming months for phishing attacks. Other groups of cybercriminals may attempt to use the leaked private information in various fraud schemes in the future.
This CHSF data breach and ransomware infection have prompted a national effort to boost cybersecurity in France. In fact, Health Minister Francois Braun announced that he will be providing an additional €20 million in order to increase security in French hospitals, according to RFI.
The breached data included administrative data, such as the NIR (social security number equivalent), and health data such as examination reports of anatomical pathology, radiology, laboratories of analysis, doctors, and other external files.
In a press release, the hospital noted that the cybercriminals followed through on their disclosure threat, stating that exfiltrated data was published on their website on the dark web. In light of their investigations, experts confirmed that the published data concerns the hospital’s patients, staff, and partners.
What should the hospital do next? How can you secure your data from data breaches?
According to statistics from the Ponemon Institute, the average total cost of a data breach is around $4 million (up from $3.8 million in recent years). Companies can minimize any damage caused by a data breach if the right steps are taken. Here are a few steps to take in response to a data breach:
Identify the source and extent of the breach: The first step is to identify the source and extent of the data breach, so that you can address it quickly and in the best way possible. In an ideal situation, you’ll already have intrusion detection and prevention systems (IDS and IPS) in place that can automatically log security events for your business.
Using these logs, you’ll be able to track down the source of the breach. Intrusion protection software allows you to see which files were accessed and what actions were taken by the hacker, which will be crucial to your next plan of action.
Without IDS/IPS for your network, it will take considerably more time for your IT team or consultant to collect this kind of crucial information.
Address the security breach: If you have intrusion prevention systems in place, you may be able to proactively address the breach by automatically preventing unauthorized outside access. However, even with an IPS solution, it’s important to have an IT team available to deal with breaches.
Although there could be a variety of next steps depending on the nature of the breach, a recommended measure is to save a disk image or copy of the affected servers at the time of the breach for legal purposes.
Furthermore, if an employee’s account was used in the attack, make sure to revoke that account’s privileges immediately and have other employees change their passwords.
Test your security fix: Once your short-term security fix has been implemented, it’s important to test your solution as thoroughly as possible in order to make sure the attacker can’t use the same method to attack your company a second time.
This type of penetration testing needs to be repeated across all of your company’s servers and virtual machines in order to make sure the vulnerability doesn’t exist in another location.
Inform authorities and any affected parties: Once you have a fix in place, data backed up, and a copy of affected servers has been saved, it’s important to contact the authorities and reach out to any customers that were affected by the data breach. Federal authorities will be able to provide you with instructions that are crucial for complying with post-breach regulatory standards for your industry.
Furthermore, reaching out to affected customers will give them advance notice in case they need to take measures to protect their identities, such as canceling credit cards or changing bank account numbers. Although this may be an inconvenience, it’s much better than letting them get blindsided by identity theft or phishing scams.
When informing customers of the data breach, get the information to them as quickly as possible, tell them what information may have been stolen, and be as thorough as possible by using multiple communication channels to ensure they receive your warning. If necessary, provide steps customers can take to protect themselves.
Post-breach damage control: A data breach can have impacts well after the initial breach has been resolved. One of the worst consequences is loss of customer confidence after a breach, which can be difficult to restore. However, by neutralizing a breach quickly, minimizing the impact, and informing your customers in a timely manner, public confidence can be restored in your company.
Once the breach has been resolved, this is a good time to consult with an outside IT consultant to see if there is anything your company can do to avoid data breaches in the future.
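As an added example of the first two steps above (it is not code from the original article or from any IDS/IPS product), the Python below scopes a breach from access logs: which outside source connected, which accounts it used, and which files were read or exported. The log layout, the 10.0.0.0/8 internal range, the account names, and the `scope_breach` function are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample events in a hypothetical key=value layout; real IDS/IPS
# exports differ, so adapt LINE_RE to your product's format.
SAMPLE_LOG = """\
2024-01-15T22:58:11Z src=10.0.4.17 user=alice action=read path=/records/lab/0412.pdf
2024-01-16T01:14:02Z src=203.0.113.45 user=bob action=login path=-
2024-01-16T01:16:40Z src=203.0.113.45 user=bob action=read path=/records/radiology/scan_0091.dcm
2024-01-16T01:17:05Z src=203.0.113.45 user=bob action=export path=/records/radiology/scan_0091.dcm
2024-01-16T01:19:33Z src=203.0.113.45 user=svc_backup action=read path=/records/admin/patients.csv
2024-01-16T08:02:19Z src=10.0.4.22 user=bob action=login path=-
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
                     r"action=(?P<action>\S+) path=(?P<path>\S+)$")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def scope_breach(log_text, internal_net=INTERNAL_NET):
    """Summarise activity from outside the internal network, per source IP."""
    report = defaultdict(lambda: {"first_seen": None, "accounts": set(),
                                  "files": set(), "exported": set()})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            src = ipaddress.ip_address(m["src"])
        except (TypeError, ValueError):  # no regex match, or invalid IP
            skipped += 1                 # count unparsed lines, never hide them
            continue
        if src in internal_net:
            continue
        entry = report[m["src"]]
        # Same-format ISO 8601 UTC timestamps compare correctly as strings.
        entry["first_seen"] = min(entry["first_seen"] or m["ts"], m["ts"])
        entry["accounts"].add(m["user"])
        if m["path"] != "-":
            entry["files"].add(m["path"])
        if m["action"] == "export":
            entry["exported"].add(m["path"])
    return dict(report), skipped


if __name__ == "__main__":
    sources, skipped = scope_breach(SAMPLE_LOG)
    for ip, e in sources.items():
        print(ip, e["first_seen"], sorted(e["accounts"]), sorted(e["exported"]))
```

The `accounts` set for each outside source is the list of accounts to revoke first, and the `exported` set is the starting point for deciding whom to notify.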
To learn more, consider reading Are you prepared for a ransomware attack?
Address Security Breaches and Prepare for Cyberattacks
Has your company’s data been breached? Or do you want to take a proactive approach in order to avoid future breaches and make sure all of your data is backed up in the event of a cyberattack?
Computer Service Now has been in business for over 35 years providing on-site IT services to businesses in the Southwest Ohio region. Our network security packages offer you an easy and hassle-free solution to keeping your network safe from data breaches, ransomware attacks, and other cybersecurity concerns.
With an advanced level of service and focus on customer satisfaction, Computer Service Now makes an extraordinary effort to be the premier IT firm in the Cincinnati and Dayton region. With a wide variety of IT solutions to fit a range of budgets, CSN can help companies with IT-related projects of any size.