Our client, a medical group in Indiana, downloaded and installed a security update for their on-premises Microsoft Exchange 2016 server. After the installation was completed, issues began to surface that resulted in all email delivery being suspended. They suspected the newly discovered HAFNIUM vulnerability may have compromised their mail server. This event impacted the entire clinical and business operations of the medical group.
Pivot Point Consulting and its Vaco sister company, MorganFranklin Cyber (MFC), were called in to provide a rapid response to the critical situation. The scope of our services included:
Throughout the course of the assessment, MFC and the medical group noted that mail server performance was severely degraded. The most resilient path forward was to rebuild the Microsoft Exchange server, including the latest cumulative update and security patches, to ensure that everything related to the malicious activity would be removed. This rebuild also addressed the performance issues. After MFC validated that the Microsoft Exchange server was back online and operational, and confirmed that the external interface was secure, the server was opened up to external access. As an additional safety measure, they blocked all inbound and outbound internet traffic to/from IP addresses associated with the HAFNIUM attack.
In addition to resolving the HAFNIUM vulnerability issue and fully restoring the medical group’s Microsoft Exchange server in less than 48 hours, Pivot Point Consulting and MFC recommended the following measures to prevent future breaches: