Semperis and Sirius Healthcare help healthcare companies combat ransomware attacks

Semperis announced the launch of its ransomware task force for healthcare providers, formed in partnership with Sirius Healthcare.

The task force aims to improve the cybersecurity posture and resiliency of hospitals, pharmaceuticals, insurers, and other healthcare companies. The healthcare sector is target-rich for ransomware attacks, which have increased by 400% industry-wide this year, according to Gartner.

“Healthcare companies, big and small, are on the front lines of the global war on ransomware,” said Mickey Bresman, CEO of Semperis. “Think about hospitals that can’t access their systems to save a life or sensitive patient data getting into the wrong hands; the ransomware task force helps organizations take back control. Semperis and Sirius, together, have been called on to help numerous hospitals regain control of their environments—focusing on protecting and recovering their core identity management system, Active Directory—and continuing operations without disrupting patient services. In many cases, the AD was destroyed and required us to hunt down the adversary, close security holes, and eliminate vulnerabilities to trust the environment again following the cyberattack. Today, Semperis is proud to protect five of the largest healthcare organizations in the world.”

A 2021 survey of cybersecurity professionals revealed that organizations in the healthcare sector are among the most targeted by ransomware attackers and the least likely to have developed contingency plans. The exploitation of Active Directory (AD), the identity system used in 90% of organizations worldwide, is a common thread in the surge of ransomware attacks on healthcare companies.

Attackers take advantage of weak AD configurations to identify attack paths, access privileged credentials, and deploy ransomware. In partnership with Semperis, Sirius Healthcare offers healthcare organizations the industry’s most comprehensive cybersecurity solutions for AD and Azure AD, supported by a global incident response team.

“The combination of our healthcare specialization and Semperis’ Active Directory security and recovery technical expertise proves to be a game-changer for our healthcare clients facing ransomware attacks,” said Marty Momdjian, Healthcare Solutions Advisor for Sirius, a CDW company. “Together we are able to extend our solution offerings for clients to help protect one of their most critical and persistently targeted attack vectors—directory systems, both on-premises and in the cloud. In a sector where cyberattacks almost always involve AD in some form, this has proved important in providing a strong security stance and minimizing the impact of an attack.”

Semperis and Sirius Healthcare’s ransomware task force is in high demand, having already responded to multiple incidents in the healthcare sector. Recently, a phishing attack compromised the AD of a large orthopedic practice. After a call from the company’s CTO, the task force shut down risky access while a thorough analysis and cleansing of the AD took place.

The task force found a domain controller unimpacted by the attack to aid in a swift and secure recovery effort. Fortunately, the company did not suffer any data exfiltration, and business operations had minimal negative consequences.

“Having the Semperis and Sirius teams quickly come to our aid—with no expectation of purchasing their solutions—was one of the few things that allowed us to get a little bit of sleep when we were thrown into the deep end,” said the CTO of the orthopedic practice. “The biggest win wasn’t necessarily of a technical nature, it was that Semperis helped us become acutely aware of the world we were in and the risks we faced. They helped us understand the different phases of the attack and possible future attacks, and helped detect and shut down the hackers once they got in. Semperis knows exactly what to look for and has the tools to do it.”