R1 RCM ransomware takedown means external audits are more needed.  The ransomware branch of organized crime is likely gearing up.  Over the past months there has been a downtrend from what was projected in 2019, paralleling the rest of the global economy.  Although internationally broad-scope attacks have continued apace, more targeted spear-phishing attacks have been down since March.


Threat actors, sophisticated organized criminals, have taken a wait-and-see attitude, like many business people in uncertain times.  According to <https://healthitsecurity.com/news/covid-19-impact-on-ransomware-threats-healthcare-cybersecurity>, although attacks have remained consistent, the number of successful exploits is down from what was projected in 2019.  One can only speculate as to why.

As reported in KrebsOnSecurity this afternoon, R1 RCM was attacked last week with the Defray ransomware, a 2017 exploit.  R1 RCM is, in their own words, an “independent provider of end-to-end revenue cycle solutions,” meaning a high-end debt collector and advisory group for the profit-driven side of medical care.  They basically collect a huge amount of data and advise their clients how to wring the most money out of each patient.  One can see why they were an ideal target for attack. <https://www.r1rcm.com/about>

They are tight-lipped about the attack, but they are a very profitable corporation, so one would think they would do better.  The best approach is a multipronged system with regular audits.

  1. External third-party audit
  2. Backups
  3. Training
  4. Regular internal health checks

Take action now

  1. Have an internal monitoring protocol to ensure that suspicious activity is detected as soon as possible.
  2. Employ up-to-date Human Resources and system interface procedures to minimize accidental exposure to risk.
  3. Install updates as soon as they are made available, and upgrade or replace obsolete hardware and software that pose an unacceptable security risk.
  4. Have an external audit performed by an independent third party. The auditor should be an expert willing and able to collaborate closely with the company’s IT professionals but should have no design, operation or remediation responsibility or authority in order to maintain the auditor’s independence.