A CYBERSECURITY CASE STUDY
This Is Too Serious A Matter To Entrust To Others And Completely Delegate Without Your Involvement
This is no longer an issue that can simply be delegated to the IT department.
ONE slip-up from even a smart, tenured employee, whether clicking on the wrong e-mail, innocently downloading an application or lazily using an easy-to-remember password for ONE application, is all it takes to open the door to a hacker or ransomware and create real damage.
Take the story of Michael Daugherty, former CEO of LabMD. His small, Atlanta-based company tested blood, urine and tissue samples for urologists – a business that was required to comply with federal rules on data privacy as outlined in the Health Insurance Portability and Accountability Act, or HIPAA.
He HAD an IT team in place that he believed was protecting the company from a data breach – yet the manager of his billing department was able to download a file-sharing program to the company’s network to listen to music, and unknowingly left her documents folder (which contained over 9,000 patient files) open for sharing with other users of the peer-to-peer network.
This allowed an unscrupulous IT services company to hack in, gain access to the file and use it against LabMD for extortion. When Daugherty refused to pay them for their “services,” the company reported him to the Federal Trade Commission, which then came knocking.
After submitting some 5,000 pages of documents to Washington, he was told the information he had shared on the situation was “inadequate”; in-person testimony by the staff regarding the breach was requested, along with more details on what cyber security training manuals he had provided to his employees and documentation on firewalls and penetration testing. (QUESTION: ARE YOU DOING ANY OF THIS NOW?)
Long story short, his employees blamed HIM and left, looking for more “secure” jobs at companies that weren’t under investigation. Sales steeply declined as clients took their business elsewhere. His insurance providers refused to renew their policies.
The FTC relentlessly pursued him with demands for documentation, testimonies and other information he had already provided, sucking up countless hours of time. The emotional strain on him – not to mention the financial burden of having to pay attorneys – took its toll, and eventually he closed the doors to his business, storing what was left of the medical equipment he owned in his garage, where it remains today…