In response to reports that South Denver Cardiology Associates has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed, experts commented below.
The reported timing of the breach detection was one of the faster responses I’ve seen in recent years. Often attackers dwell time extends months before they are detected. Whether this was due to excellent detection capabilities at SDCA or from the attackers making their presence unmistakable by launching ransomware or making extortion threats isn’t clear from the notification provided. Regardless, it’s instructive that even with the reportedly short 3-day detection period that the damage was still significant. The centralization of data silos and speed of modern computers and networks mean that an attacker that gains a foothold into a victim’s organization can compromise mass quantities of information with shocking speed. To protect themselves and their customers, businesses must take this into account when forming their defensive strategy. If detecting suspicious activities is part of a manual process that is performed on only a monthly or quarterly basis such as a log review, the potential window for an attacker to do significant damage is gigantic.
The reported timing of the breach detection was one of the faster responses I’ve seen in recent years. Often attackers dwell time extends months before they are detected. Whether this was due to excellent detection capabilities at SDCA or from the attackers making their presence unmistakable by launching ransomware or making extortion threats isn’t clear from the notification provided. Regardless, it’s instructive that even with the reportedly short 3-day detection period that the damage was still significant. The centralization of data silos and speed of modern computers and networks mean that an attacker that gains a foothold into a victim’s organization can compromise mass quantities of information with shocking speed. To protect themselves and their customers, businesses must take this into account when forming their defensive strategy. If detecting suspicious activities is part of a manual process that is performed on only a monthly or quarterly basis such as a log review, the potential window for an attacker to do significant damage is gigantic.