Ransomware in review: Unregulated third-parties are a weakness

April 27, 2018//Ellen Neveux

Last Updated: October 25, 2021

The City of Atlanta continues to have a hard time leaving the ransomware spotlight, but the attention may soon shine on a new victim—Center for Orthopaedic Specialists. With new ransomware attacks happening as frequently as they do, it’s obvious that bad actors will continue to use this avenue. How can you protect yourself and your network? Find the best secure remote access software to protect your network from bad actors with malicious intents.

A City of Atlanta update

News of the attack on the city broke March 22, and since then, the ransomware focus has continued to be on them. The bad actors requested $51,000 in ransomware payments. If paid, Atlanta would get back all files that were encrypted, both decrypted and untouched. Instead of paying the amount requested and getting the files back, the payment portal was shut down and Atlanta had to take matters into their own hands.

The Atlanta ransomware incident been peculiar to say the least. When the payment portal was shut down, we should have guessed it was going to be a wild ride. What’s most interesting with the whole situation is how much they have suffered. Since paying the price is thought to keep the ransomware marketplace alive and thriving, security experts deter victims of paying the ransom—and with the portal down, Atlanta didn’t have the option to pay.

So, the Atlanta situation has been a bit wonky—they didn’t pay the money and it ended up spiraling out of control. It’s gotten so out of control, Atlanta is now expected to pay more than $2.6 million on recovery efforts. A lofty price tag that’s 50 times more than the amount requested during the attack. Atlanta has been suffering so much because their security strategy wasn’t proactive; it lacked the total security audits that would have added a layer of necessary protection.

Center for Orthopaedic Specialists

The latest victim of ransomware is Center for Orthopaedic Specialists (COS). COS has to notify 85,000 current and former patients that their personally identifiable information (PII) and protected health information (PHI) are compromised. According to DataBreaches.net, the attack stemmed from an unnamed IT vendor in February 2018 and affected three of COS’s facilities. As of now, no patient information is thought to have been misused and all affected clients will be contacted about the situation. COS has not revealed the type of ransomware or the amount demanded by the bad actor.

Center for Orthopaedic Specialists uses the services of a third-party IT firm. An unauthorized party maliciously accessed COS’s network to encrypt 85,000 patients’ data. Once the breach was known by COS’s unnamed IT third-party vendor, they permanently took the affected system down before any patient information could be removed by the bad actor. COS is working with law enforcement and the unnamed IT third-party vendor that the bad actor leveraged. Identity protection is being offered at no cost to those affected.

Regulation is key

Most likely an attack like this could have been avoided. Sure, ransomware attacks aren’t going anywhere, but regulation is key. If you properly regulate the access given to the third-parties you use, you are adding extra layers of protection to combat against an attack. If bad actors aren’t able to take advantage of both the credentials and the access third-party vendors have to an organization’s network, then ransomware will no longer take this path. Learn more about the risks that third-party’s access poses on organizations in SecureLink’s Ultimate Guide and how you can protect your network.

It’s obvious that there is a weakness when it comes to regulating the access granted to a third-party. If you want to be able to trust the third-parties you use, implement the best secure remote access software you can. The best software enforces least privilege access and gives vendors only what they need access to and no more. It will also implement good security measures such as: authentication, audit capabilities, and even more to safeguard PII, PHI, and other sensitive information. Being fearful of a data breach or ransomware attack won’t get you anywhere, but integration, knowledge, and a secure remote access platform are what will further protect you and your vendors.

Get the right secure remote access software

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise Access has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink Customer Connect is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

close close