Cyberattacks and Incident Response
Over the last year, organizations have seen a steady increase in cybersecurity attacks. In September 2023, MGM Resorts experienced a cyberattack that crippled their operations for 10 days at a cost of more than 100 million dollars. In February 2024, Change Healthcare experienced a breach of their medical claims platform and has been continuing to restore their systems for the last month. Thus far, UnitedHealth, the parent company, has issued around 2 billion in loans for its programs. This ripple effect has also prompted an investigation by the U.S. Department of Health and Human Services (HHS). This article will identify the common theme in these attacks and explain how incident response, including the use of tabletop exercises and playbooks, can help you and your employees be prepared in the event of an attack.
As time has gone on, more details surrounding the MGM Resorts attack have come to light; however, information regarding Change Healthcare is still surfacing daily. Speculation has emerged that the same group, ALPHV, used a remote troubleshooting application, ConnectWise ScreenConnect, to remotely access the network. Ransomware was also deployed to the network, impacting the processing of transactions and other medical information data.
The common theme between these two scenarios is one word – ransomware. Ransomware has become a common method used by hacker groups in recent years. In the case of MGM, the ransom payment was not made, and it cost them more than 100 million dollars. For Change Healthcare, a payment of around 22 million dollars in Bitcoin was made to ALPHV, allegedly as ransom for the attack.
So, how can a company be prepared in the event of an attack, such as a ransomware attack? In addition to a penetration test and internal security, incident response tabletops, also called playbooks, can help benchmark readiness and train employees on incident response procedures. Each playbook can outline a specific scenario ranging from compromised passwords to ransomware attacks. During security awareness and incident response training, companies can cover these scenarios with their employees to ensure that all employees know the right course of action to take in the event of an attack. Resources and example tabletop playbooks can be found on the U.S. Cybersecurity & Infrastructure Security Agency website.
As seen in the cases with MGM and Change Healthcare, cyberattacks can cause widespread financial implications, along with operational downtime and a tarnished reputation. When it comes to incident response and cybersecurity, the adage still holds true – the best offense is a good defense.
For more information on incident response, cybersecurity, and how SOC reports can help your organization, be sure to visit our SOC & Cybersecurity industry page, and don’t hesitate to contact Dave Hammarberg with further questions regarding SOC 2 reports or other services.
About the Author
Chris joined McKonly & Asbury in 2019 and is currently a Manager with the firm. He is a member of the firm’s System and Organization Controls (SOC) & Technology consulting practice, performing SOC 1, SOC 2, and SOC 3 engagements, as…