Anatomy of a Cyber Attack—and How You Can Protect Your Practice

According to FireEye’s 2019 report, Beyond Compliance: Cyber Threats and Healthcare, the healthcare sector is often a target for bad actors. Unfortunately, the ramifications of a cyber attack on a dental practice can be far reaching—especially if protected patient information is compromised.

Cyber criminals often follow a familiar pattern, and there are steps you can take during the different stages of an attack to protect your practice. Named the “Cyber Kill Chain” by Lockheed Martin, this model outlines seven steps the cyber criminal must take in order to achieve their goal (please note that there are instances where steps are combined or skipped).

In this chart below, I have outlined the various stages in the kill chain and what you can do to mitigate damage to your office.


Stage in Kill Chain

Actions You Can Take


The bad actor will begin by researching and identifying targets. This can be done by scouring social media or obtaining email lists.

CSD-Weapon-Blue_Delivery copy.png

The bad actor will now gain remote access through an automated tool, known as a weaponizer. Even seemingly innocuous file types, such as PDFs or Microsoft Office documents can be used as a vehicle for the weaponized deliverable.

Adversary creates weapon - no action can be taken

CSD-Delivery-Orange2_Delivery copy.png

The weapon is transmitted to the target’s environment via email, websites or USB.

  • Enable anti-virus tools
  • Filter emails and web access
  • Educate your team
  • Conduct phishing exercises
  • Limit USB devices
  • Block auto-Run


Once the weapon is deployed, the code is executed on the victim’s system and the target is most often an operating system or application vulnerability.

  • Keep up to date on patches
  • Scan for vulnerabilities
  • Protect websites with web application firewalls


The malware is installed in the system, allowing the bad actor remote access to the environment.

  • Enable anti-virus tools
  • Control “admin” rights
  • Implement multi-factor controls
  • Whitelist tools for software

CSD-Command-Gray_Instalation copy.png

Command and Control
During this stage, the bad actor establishes a command channel to manipulate the victim remotely.

  • Implement firewalls
  • Enable intrusion protection systems
  • Utilize proxy filters

Actions on Objectives
At this stage, the bad actor can achieve their objectives, which most often includes data exfiltration for the purposes of encrypting and extracting data.

  • Secure backups
  • Implement your disaster recovery plan
  • Consult with your cyber insurance provider
  • Forensic IR retainer

During a recent expert panel on best practices for protecting your practice, I went into more detail on the anatomy of a cyber-attack and what you can do to protect your practice. You can view the video below.

Anatomy of a Cyber Attack—and How You Can Protect Your Practice from Carestream Dental on Vimeo.

John Bruggemann Global Information Security Officer & Data Protection Officer, Carestream Dental