At the beginning of the month, RMIA (Reproductive Medicine and Infertility Associates) in Woodbury, Minnesota informed its patients that a malware attack had potentially exposed their PII (personally identifiable information).
In its announcement, RMIA said: “On December 5, 2018, we discovered that we had been the target of a criminal malware attack. We engaged independent computer forensics experts, which removed the malware, to determine how the incident occurred and if information had been accessed by the attacker. Although the investigation did not identify any evidence of access to anyone’s personal information, we unfortunately could not completely rule out the possibility that patients’ personal information, including name, address, date of birth, health insurance information, limited treatment information and, for donors only, Social Security number, may have been accessible.”
RMIA has offered those potentially impacted by the incident additional information and support, including complimentary identity monitoring services. It has also taken steps to secure its information to prevent similar incidents in the future, including adding an extra firewall and implementing two-factor authentication.
However, when asked how the attacked occurred, RMIA spokesperson Michael Stein admitted: “We don’t know.”
Penetration testing with IT Governance USA
Stein’s answer is not the response that RMIA’s patients, or anyone else, want to hear. All organizations need to secure their networks, which is where penetration testing can help.
Penetration testing is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find your organization’s weaknesses.
An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimizing the impact on everyday operations.
IT Governance USA offers a variety of penetration testing services to suit your needs. To find out more, get in touch with one of our experts at firstname.lastname@example.org or on 1-877-317-3454.