Incident Response
Investigating and Eradicating Malware from a Healthcare System

The Background
The client is an independent healthcare provider supporting local towns across Australia. Pragma performed an investigation on the client's servers and infrastructure and concluded that the virus/malware point of entry was through a remote desktop and access to a malicious website. Pragma immediately stopped the virus/malware from spreading to 600 workstations but was called too late to prevent the damage to all operational servers in the Datacentre.
All of the client's online backup servers were also damaged, so a quick recovery was not possible.
The Process
Pragma confirmed the infection of the servers and advised the Client to disconnect from their network immediately to stop the virus/malware from spreading. Pragma efficiently deployed processes to identify, contain and eradicate the further spread of the virus.
Pragma performed a thorough investigation of the Client's technology and event logs and found that the virus/malware point of entry was through a remote desktop and a malicious website. Pragma performed a full virus scan and removed 300+ viruses before installing new malware protection. The data was recovered by our team of recovery and encryption specialists.
We deployed a team of four consultants to contain and remediate the impacted services. All servers were hardened, and security measures that were originally lacking were implemented (including but not limited to firewalls, monitoring and enterprise antivirus).
The Result
Our fast containment and eradication service enabled the Client to continue supporting their patients. Our expert team enabled the healthcare provider to implement security solutions that mitigate future risks, through our management of infrastructure and deep knowledge of the technology and regulations that impact healthcare.
The client's data was fully recovered, and all 26 centres are now operational.