Don’t believe everything you are told
I was recently informed by a family member who works in a small doctors office that they were infected by a virus/spyware/malware of some sorts. Well, turns out that one of the employees decided to use a computer in the office to surf the web and install “stuff.” Shortly thereafter the machine was acting strange and eventually became inaccessible. Other machines on the network that were not used for browsing were soon experiencing the same symptoms and became inaccessible. The outsourced IT group they use got the call for help and tried fixing but quickly realized they could not do anything remotely. They came onsite and took the machines away to look at, but would probably need to rebuild.
So this prompted many questions from me. I’ll skip over all of the simple questions, but there was one in particular that I just loved the answer of. I asked if any of the patient data was compromised. This is a doctors office after all with names, addresses, SSNs , health care provider info, ect. The IT staff told them, without much analysis, that nothing was compromised.
Now I know a little about their setup, not a lot but enough to know it is very simple. I have offered to review things and do a security audit multiple times but they don’t want to part with the cash. You get what you pay for! Anyway, I started asking more questions because that is what I do and because I don’t like half-assed answers. So how do they know that nothing was compromised? Are they logging access to the records? Are they monitoring traffic? Did they dig into the infected PC to find out exactly what they had and what it did? Of course not! They just assumed that whatever they got had a low chance of grabbing data and shipping it out. I’m serious!
My point of all this, and there could be many in this mess, is that the IT staff jumped to the conclusion that nothing was compromised without any proof and that the office manager belived them. The office manager would believe anything they told her. Don’t believe everything you are told or read for that matter. Questioning thoughts, ideas and statements is a good thing and you can learn a lot from doing so. So don’t be shy…ask questions!
Filed under: Security | Leave a Comment
Tags: breach, compromise, Security, virus