USF has established a dedicated call center for affected individuals that can be reached at 855-914-4699. Any former patient who believes that they may have been affected by this attack should monitor their financial records and if any suspicious activity is found, the individual should contact their banking institution to correct the issue. IT professionals who manage technology for medical service providers, whether large or small, should be aware that cybercriminals actively target their systems. It is important to segment networks to prevent a breach on an employee workstation from being able to directly access the database servers containing patient data. It is also a best practice to monitor normal, authorized usage patterns of employees accessing patient data through the established employee interfaces and alert whenever an unusual pattern occurs—for example, one employee account quickly accessing all patient records. In the USF incident, it appears that only a limited number of patients were affected, even though the attackers had access to the network for almost a month. This indicates that USF may have implemented controls to limit access to patient records and reduced the overall negative impact. Organizations should also adopt a strategy of defense in depth with 24/7 monitoring of workstations, servers and other devices inside the corporate network to discover and quickly stop intrusions that make it past the outer layers of security controls. If intruders only have minutes instead of weeks of access to a network, the damage from attacks can be significantly reduced.
Source Article: https://www.bleepingcomputer.com/news/security/ransomware-hits-largest-us-fertility-network-patient-data-stolen/