"The initial access vector – the way these threat actors break into organizations – is not known"
Yet another indication of poor information governance in the healthcare sector. At the very least, network logs should provide some indication. Oh, I forgot - one healthcare place I worked only kept logs for a week "because the disk is too small to keep them for any longer".
Biting the hand that feeds IT
