Managing Data Breach Incident: Response and Collaboration


Following a data breach incident, the organization swiftly initiated an investigation, engaged IT support to contain the threat, and collaborated with Catholic Mutual for cyber liability coverage and risk assessment to ensure data protection and security. Employee data was potentially at risk, stakeholders were informed, and proactive steps were taken to address the breach.

  • Data breach
  • Incident response
  • Cyber security
  • Collaboration
  • Risk assessment

Uploaded on Mar 19, 2025 | 0 Views



Presentation Transcript


  1. Computer Virus Review SEPTEMBER 12, 2024

  2. How did it happen/How did we find out? Employees were unable to log in to their workstations/computers went dark. Unknown. Most probably a corrupt email/web link. 1 IT Source was contacted and discovered malicious software on an employee's workstation. ORCA acquisition ransom note was discovered, which informed the parish that files had been encrypted and confidential/personal data was downloaded.

  3. What did we do/How did we fix it? Upon detecting this incident, we moved quickly to initiate an investigation to remediate the incident and confirm the security of our network environment. Promptly engaged 1 IT Source to contain the threat by cleaning and restoring the affected server and workstations. Then we began a detailed investigation and review of personnel data stored within the environment to determine what data may have been affected by the malicious software prior to its remediation. The server was infiltrated. Temporary back-up drive was created to restore the server and files.

  4. What employee data was at-risk? The following was potentially accessed/acquired by a person not authorized to view them:
     • Name and address
     • Date of birth
     • Phone number
     • Electronic signature and at least one SSN (as a result of a file sweep)

     Direct deposit information for current employees was also stored within the environment for payroll purposes.

  5. Who did we notify? Key parish leaders Current employees Diocese of Des Moines Staff Catholic Mutual and affiliates Waukee Police Department Previous employees *We didn't notify parishioners (information wasn't impacted)

  6. How did we work with Catholic Mutual? Greg Miller helped to coordinate this effort. Thank you! Contacted by Tokio Marine HCC-Cyber security division. Handles Cyber Liability coverage for the Diocese through Catholic Mutual. Meetings with Tokio Marine: Questions revolved around: Timeline/events, equipment impacted, third party vendors where sensitive information is stored, computer safety like malware, any unauthorized access, facility structure (additional buildings, etc). Primary concern was did hackers obtain confidential information.

  7. How did we work with Catholic Mutual? Tokio Marine retains the law firm: Wilson, Elser, Moskowitz, Edelman and Dicker to perform cyber risk assessment. Meetings with this law firm: Questions revolved around: What happened? Data retrieval efforts State and federal laws/regulations regarding notification of at-risk data Claim expense process, etc.

  8. What did we do continued? Result: Employee data. In working with Catholic Mutual affiliates, there was no evidence any of the information was misused by a third party. However, St. Boniface employees (previous/current) were made aware of this incident and of our response. Via insurance policy, previous/current employees were also provided the opportunity for Single Bureau Credit Monitoring and Reports services at no charge for one year.

  9. IT Safeguards

     Implemented new server:
     • Multi layer security for data backups
     • File servers-shadow copies with timestamp, allowing for easy recovery of data if necessary
     • Back-up server stored off-site
     • Advanced Malwarebytes end point protection-cloud based, virus, and intrusion protection

     Prior to:
     • Standard version Malwarebytes
     • Old Server-2009-2010
     • At the time of incident the new server was onsite, but not in production

  10. How long were we down?
     • Total shut down: About 1 week
     • Peripheral impacts: 1.5 months VPN Outlook Programs installations, like Metsay HVAC system needed to be reinstalled. Internet Explorer, browser syncing issues
     • Harassing phone calls: 1 month
     • Insurance/liability/cyber investigation: 3 months
     • Total timeframe: April 2, 2024-June 30, 2024
     • In total: lost 10 days of data (Word docs, etc.)

  11. Some take-aways
     • Can take place in any organization, large or small
     • Strong support system
     • Good learning experience
     • Work stoppages are a bear
     • Secure third-party systems: Paylocity and new online VIRTUS system

  12. Questions?
