Founded in 2000, vcpi (virtual care provider, inc.) is a privately held firm with 158 employees who focus on providing IT support to the unique world of long-term post-acute care senior living facilities nationwide. Their dedication to this market is evident as they make their team available to their clients 24/7 including weekends and holidays. Their corporate values include Serve with humility, Connect with empathy, Live with authenticity, and Collaborate with accountability.
While acting as the virtual Chief Information Security Officer (vCISO), SVA Consulting’s Mark Schafer was working with vcpi one day a week to assess the firm’s current security practices when their monitoring software identified abnormal activity within their data center. An independent forensic investigation and breach assessment was vcpi’s top priority. Without going into the details of this ransomware attack, the vCISO, the vcpi technical team and many other technical resources went to work based on the Incident Response and Management Process vcpi had put into place. The restoration and remediation actions took place 24/7.
Timeline of the Breach
- Day 0 – Attackers infiltrate network
- Day 1 – Ransomware executed
- Day 3 – Server restores begin
- Day 6 – The first systems are back online
- Day 10 – Most critical applications online
- Day 14 – Most systems online except legacy
- Day 33 – War room ends
- Day 58 – “No Breach” notification sent
- Day 101 – Incident backlog and call volume returns to normal