Background
In the summer of 2019, a ransomware attack hit 400 dental offices across the US, denying access to patient data and systems. This event convinced a dental office in Ohio that they needed to better understand their cybersecurity posture and put appropriate measures in place to protect their business and reputation.
The office chose ResiliEYE to uncover all vulnerabilities and manage their risk with an ROI mindset.
Key observations
This dental office had mixed cyber-hygiene practices in place. On the positive side, their policies prevented employees or patients from connecting their personal devices onto the office network. They also had configured the server with admin privileges, so only the dentist was allowed access. They, however, needed to be careful about leaving their systems unlocked around patients when they steps away from the room. An ill-intending patient could access the system and information it contained.
This office used a flat network architecture. It meant that all devices were connected to a single network segment irrespective of their functional criticality. For example, an x-ray machine and security camera were connected to the same network as the office computers. About 70% of the connected devices, including the main router, contained high to critical vulnerabilities! In this network architecture, a breach of one device would impact everything else.
The office is benefiting from taking a holistic approach, including people, process and technology, to managing cybersecurity. An incident in a office like this would typically cost around $800,000 to resolve and could damage their reputation and ability to attract customers.
To learn more about the ResiliEYE platform by ResiliAnt, please reach us at info@ResiliAnt.co.