Helping a healthcare leader recover from a malware attack

A national healthcare provider experienced a malware attack that crippled its ability to provide critical business services to its clients. Due to the nature of the attack, executives needed to spend considerable time answering legal and regulatory questions and offering assurances to customers regarding their response to the incident. Without a chief security information officer to oversee the cybersecurity program, they needed a knowledgeable expert to help them communicate with customers, regulators, and executive stakeholders.

The organization determined that they needed a Unit 42 vCISO—a virtual chief information security officer—to help identify and manage risk and interface with customers and regulators to provide updates on the corporate response.

In addition, the client wanted to build a detailed cybersecurity program to improve their security posture, response playbooks, and minimize the impact of future events. Knowing it would take a good amount of time to identify, recruit, and onboard an executive, the organization needed an interim cybersecurity consultant to act in the capacity of a CISO.

Managing highly visible malware incidents can challenge any organization. Many healthcare organizations lack highly expert senior-level cybersecurity staff, making the task even more considerable. In the wake of a malware incident, this organization turned to Unit 42 to serve as a vCISO to identify and manage risk as well as provide extensive communication assistance to customers, attorneys, and regulators, giving status updates on remediation measures implemented to mitigate risk.

The vCISO immediately took charge of the organization’s internal cybersecurity team, performing the role of the chief information security officer. The new vCISO was responsible for collaborating with internal business groups to develop a robust information security program, authored a multiyear cybersecurity roadmap of tactical initiatives, and built a short- and long-term budget to support these initiatives.

During the engagement, the vCISO became a trusted advisor to the corporate executives and, ultimately, the board of directors, providing a highly effective communication function internally, externally, and up the chain of command.

With a Unit 42 vCISO onboard, the corporate executives were able to focus on restoring normal business operations while entrusting the vCISO with critical communications functions for customers, attorneys, regulators, and executive stakeholders. The Unit 42 vCISO helped the organization to develop a more robust information security program with the goal of improving its defenses now and in the future.

To learn more about Unit 42, visit paloaltonetworks.com/unit42.

If you’d like to learn more about how Unit 42 can help your organization defend against and respond to severe cyberthreats, visit start.paloaltonetworks.com/contact-unit42 to connect with a team member

If you think you may have been breached or have an urgent matter, please email unit42-investigations@paloaltonetworks.com or call US Toll-Free: 1.866.486.4842 (866.4.UNIT42), EMEA: +31.20.299.3130, and JAPAC: +65.6983.8730