SVA's Security Breach Recovery Expertise Benefits vcpi


Security Breach Recovery



Working seamlessly as a part of our team, SVA Consulting’s vCISO and their team members offered an incredible depth of knowledge and experience that we leveraged throughout our organization.

Zachery Koch, President & CEO


Founded in 2000, vcpi (virtual care provider, inc.) is a privately held firm with 158 employees who focus on providing IT support to the unique world of long-term post-acute care senior living facilities nationwide. Their dedication to this market is evident as they make their team available to their clients 24/7, including weekends and holidays. Their corporate values include Serve with humility, Connect with empathy, Live with authenticity, and Collaborate with accountability.

While acting as the virtual Chief Information Security Officer (vCISO), SVA Consulting’s Mark Schafer was working with vcpi one day a week to assess the firm’s current security practices when their monitoring software identified abnormal activity within their data center. An independent forensic investigation and breach assessment was vcpi’s top priority. Without going into the details of this ransomware attack, the vCISO, the vcpi technical team and many other technical resources went to work based on the Incident Response and Management Process vcpi had put into place. The restoration and remediation actions took place 24/7.

Timeline of the Breach

  • Day 0 – Attackers infiltrate network
  • Day 1 – Ransomware executed
  • Day 3 – Server restores begin
  • Day 6 – The first systems are back online
  • Day 10 – Most critical applications online
  • Day 14 – Most systems online except legacy
  • Day 33 – War room ends
  • Day 58 – “No Breach” notification sent
  • Day 101 – Incident backlog and call volume returns to normal


  • SVAC’s CISO, Mark Schafer, helped lead the Incident Response and Management Process (IRMP).
  • vcpi’s president provided all the necessary resources to quickly act on the recommendations throughout the process.
  • vcpi’s Compliance Officer reviewed and updated policies and procedures including monitoring processes, information, and communications to meet vcpi’s objectives during response, mitigation and recovery efforts.
  • A new network was built.
  • All vcpi computers were rebuilt and tested.
  • Two-factor authentication was implemented for all users.
  • 2098 out of 2100 computers were able to be rebuilt from the firm’s earlier backup versions.
  • The first client company was back online within 6 days.
  • A post-mortem risk assessment was completed with recommendations.
  • Data security is now more robust.
