Protecting Large Entities from Ransomware Cyberattacks: Lessons from CHC Health Group

2023-12-26 17:00:00
“Large entities are more often targeted”, according to Minister Christophe Collignon

Such “ransomware” cyberattacks are legion, in Belgium and in France in particular. Within the CHC Health Group, the vigilance of two IT specialists helped avoid the worst. After they noticed a problem with a server, a crisis meeting was organized within half an hour with the main IT stakeholders. “We realize that the worm is in the fruit,” underlines Frédéric Pampalone, Chief Information Security Officer (CISO). “We have hackers who have made a little more than one attempt. They had been masters of the house, so to speak, or almost for 48 hours. We quickly took measures to try to minimize the attack as quickly as possible,” he adds.

“It was decided to cut off the Internet and all links from the CHC Health Group directly.” The measure averted disaster: both the CHC MontLégia Clinic, in Liège, and the 27 other sites were able to continue operating. Some slowness and disruptions were noted, but the cyberattack did not hinder the functioning of the computer system: its networks, servers and applications continued to run, and the continuity and safety of patient care remained assured.


A year after this contained cyberattack, “we can say today that we were lucky, that we came close to the catastrophe,” modestly rejoices Claudio Abiuso, the director of operations. “The hackers stole passwords from two people, infiltrated part of our systems, but did not switch to encryption since we shut down the Internet. Without taking control, they were only able to tackle the first step of their process and were not able to constrain us.” Management wants to be humble and above all grateful for the work of its teams.

“It took months to secure and increase our defenses,” specifies the IT security manager. “Before this attack, we had a certain open-mindedness regarding the Web, whereas today we only open what is necessary and only what is proven to be non-dangerous.” The IT systems director called on certified private providers to further improve security.


The hospital, like any structure, protects itself from cyberattacks in two ways: humans and technology. For the first, it is a question of raising staff awareness of “computer hygiene”. “We have already launched awareness campaigns before but we have made our 6,000 employees even more aware,” insists Frédéric Pampalone. “With a guide to good practices for employees: our passwords were strengthened with a change that was carried out industrially with several steps to ensure that security was increased, it is forbidden to plug USB keys into your computer or even use 4G on your mobile phone to use the Internet on your computer.” Security through technology involves updating software and installing firewalls and antivirus tools. A significant investment in IT security – with a plan of 3 million euros over five years – was made following the cyberattack. “This investment, of which the aid provided by the federal government only covers 1/5th, allows us to react on machine time, that is to say quickly.”

“A cyberattack is monetary. Our data cannot be recreated”

We know it: hospitals are easy targets for hackers. Why? “At first, we are a bird for the cat. Due to the history of medical IT, there is a little less security by design,” explains the IT security manager. “A cyberattack is monetary. Our data cannot be recreated. If they are lost, they are lost forever. And so, in the event of a cyberattack, it is in your interest, for people’s health, to make the data accessible once more in the hope that it will not be altered.” Which the CHC Health Group should not have done since nothing had been stolen.

“We will never have the security system that NATO has because it is unaffordable,” recognizes Claudio Abiuso, the director of operations. “We remain vulnerable like anyone. We have always held the cards in our hands thanks to our hyper vigilance and our safety culture. If we had not had this structurally established level of vigilance, I think we would not be speaking today with a certain serenity. Which doesn’t mean we’re naive.”

Dozens of attempted attacks are foiled there every day

At the CHC Health Group, the infection has indeed been stopped. The fact remains that every day, dozens of attempted attacks are foiled there. “Just last week I was personally the target of a phishing attack and so everyone today needs to be cyber aware, from the chairman of the board of directors to the smallest working employee who has access to the network.”

The hospital management, for its part, calls for “proper training and awareness among all employees of a company or establishment”. “The main danger is humans,” repeats the operations director. “The 6,000 employees of the CHC constitute a bulwark of security. Everyone must be a brake, a barrier, a bulwark of security and must realize that they can be the possible flaw in the entire system.”
