The Scenario in Brief:
Our client performs medical billing services for their clients across the country and had recently acquired a new customer in New York. Each time they take on a new customer, our team is engaged to set up secure remote access to that customer’s site.
Given the sensitivity of the data being accessed, it was necessary to provide an extremely secure solution, compliant with HIPAA regulations. In this case we deployed remote access utilizing the SolarWinds Remote Monitoring & Management (RMM) platform, with the included Take Control software. This solution provides an encrypted connection that requires multiple factors of authentication to gain access.
As soon as this monitoring software was installed, it began reporting attacks from a host of different public IP addresses in multiple countries. We know from experience that when this activity is seen, typically someone has forwarded Microsoft’s Remote Desktop Protocol (RDP) port through the firewall for simple (albeit insecure) remote access. One of the greatest dangers of this antiquated remote access methodology is that it has become a go-to method for bad actors to infiltrate the target and launch ransomware attacks against it.
This particular chiropractic customer had recently employed an acquaintance to implement this solution. Given that the state of New York was recently shut down, they had little time to act or properly plan for this sudden change. Unfortunately, the party was either not thinking through the cybersecurity ramifications or perhaps was unaware that ransomware is often spread through open RDP ports.
Our team quickly consulted with the parties involved and offered options, including alternative remote solutions that were flexible enough to fit their workflow of iPads and Windows devices. We also suggested engaging with a local IT company if that was their preference. The client was relieved to know that this attack was caught in time (even if it was outside of the scope of our initial intent) and that they were given the opportunity to avoid business disaster. A successful attack would have conceivably shut down their business in the short term, in the middle of an already difficult situation.
We are thankful we can help this business stay in business through an already difficult time.