Free EHR, EHR and Healthcare IT Newsletter Want to receive the latest updates on EHR, EMR and Healthcare IT news sent straight to your email? Get all the latest EHR News for FREE!

HHS ASPR/CIP HPH Cyber Notice: On-Going Impacts to HPH Sector from WannaCry

DISCLAIMER: This product is provided “as is” for informational purposes only. The Department of Health and Human Services (HHS) does not provide warranties of any kind regarding any information contained within. HHS does not endorse any commercial product or service referenced in this product or otherwise.

HHS is aware of two, large, multi-state hospitals systems that are continuing to face significant challenges to operations because of the WannaCry malware. Note: this is not a new WannaCry attack.

The behaviors that have been reported are typical for environments where the WannaCry scanning virus persists, even though the encryption stage has been blocked by anti-virus, or is not executing. The virus can persist even on a machine that has been patched. The virus will not spread to a patched machine, but the attempt to scan can disrupt Windows operating systems when it executes. The particular effect varies according the version of Windows on the device. For those devices or systems, we are providing additional guidance below.

We are also sharing FDA’s emergency phone line for those with questions or reports of malware affecting devices as part of the recommended reporting process below.

You may send additional questions to cip@hhs.gov

Mitigating risks of WannaCry

WannaCry ransomware is a fast-propagating worm which exploits Windows’ Server Message Block version 1 (SMBv1) protocol to move through a network or infect other systems on the Internet. However, SMBv1 might not be the only vector of infection for WannaCry, so even patched systems could still be infected if the malware is introduced to the system in a different manner.

Furthermore, a newly patched system could have been previously infected, and if so, would still scan for other vulnerable systems and/or encrypt files. Patching a system is similar to how in physical medicine, a quarantine will prevent an infection from spreading however will not cure the patient who has been quarantined. Reimaging removes the infection in the operating system no matter where the virus is residing.

Mitigate the risk of WannaCry infection by:

  • Patch vulnerable systems with the update from Microsoft which fixes the SMBv1 vulnerability: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • Disable SMBv1 on all devices, across the network and disable it at the firewall if possible. If it is not possible to disable SMBv1, consider the business-impact for quarantining those devices off the network until another solution can be found.
  • See the Tech Support page from Microsoft below for instructions on disabling SMBv1: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server
  • Block port 445 on all firewalls
  • If possible, reimage potentially affected devices to mitigate risk that malware is on the system in the background.
  • Use a reputable anti-virus (AV) product whose definitions are up-to-date to scan all devices in your environment in order to determine if any of them have malware on them that has not yet been identified. Many AV products will automatically clean up infections or potential infections when they are identified.
  • Work with vendors to make sure both the distribution stage and the encryption stage of WannaCry are detected and blocked.
  • Work with vendors or IT support staff to investigate and remediate systems exhibiting network-scanning activity consistent with WannaCry, which could reimaging per the previous bullet point.

If you are the victim of a ransomware attack

If your organization is the victim of a ransomware attack, HHS recommends the following steps:

  1. Please contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#fieldimmediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
  3. **NEW** If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov

Additional Resources

June 5, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

HHS awards funding to help protect health sector against cyber threats

The U.S. Department of Health and Human Services (HHS) has awarded cooperative agreements totaling $350,000 to strengthen the ability of health care and public health sector partners to respond to cybersecurity threats. The agreements will foster the development of a more vibrant cyber information sharing ecosystem within health care and public health sector.

HHS’ Office of the National Coordinator for Health Information Technology (ONC) awarded acooperative agreement to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Florida, to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders. HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) awarded a cooperative agreement to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners.

“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector,” said Dr. Nicole Lurie, HHS’ assistant secretary for preparedness and response. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”

“The security of electronic health information is foundational to our increasingly digitized health system,” said Dr. Vindell Washington, national coordinator for health information technology. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.”

Security breaches and ransomware attacks on the public healthcare system have been on the rise in recent years, as has the average cost associated with these attacks. Today, the cost of cybersecurity breaches averages $3.8 million per attack, according to a recent study. While some healthcare entities have adequate resources to contract with information sharing analysis organizations that could to inform them about cyber incidents, smaller healthcare entities often do not.

Through a streamlined cyber threat information sharing process, HHS will be able to send cyber threat information to a single entity, which then will share that information widely to support the full range of stakeholders. This approach helps ensure that smaller health care providers have the information they need to take appropriate action.

The agreements also will help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities. Information about any system breaches and ransomware attacks will be relayed through a more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems.

ASPR leads HHS in preparing the nation to respond to and recover from adverse health effects of emergencies, supporting communities’ ability to withstand adversity, strengthening health and response systems, and enhancing national health security.  To learn more about ASPR, visit the HHS public health and medical emergency website, phe.gov.

ONC is the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information. To learn more about ONC, visit HealthIT.gov.

HHS is the principal federal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

October 4, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Exostar Launches Cybersecurity Risk Assessment Solution

Partner Information Manager Allows Organizations to Identify and Address Vulnerabilities throughout their Global, Multi-tier Supply Chains

HERNDON, VA, December 8, 2015Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced the availability of Partner Information Manager (PIM), a new, modular solution that continuously measures risk across a business’s extended value chain.  With the launch of PIM and its cybersecurity module, organizations throughout the enterprise – from procurement, contracting, and IT to compliance, security, and the C-suite – have the information they need to build and manage their supply chains, assess potential vulnerabilities, and initiate steps to protect their intellectual property, reputations, and revenue streams.

Exostar developed PIM by working closely with many of the world’s largest Aerospace and Defense (A&D) industry firms, forming a Security Steering Committee that includes security and supply chain executives from BAE Systems, Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and Rolls-Royce.  PIM’s Cybersecurity module reflects best practices input from these companies that is based on internationally recognized standards.

“Our objective was to bring A&D leaders together, understand their cybersecurity risk management initiatives and progress to date, and build consensus for the optimal approach to improving the industry’s cybersecurity posture going forward,” said Dr. Paul Kaminski, Exostar’s Chairman of the Board.  “With PIM, we have created a common platform that A&D supply chain ecosystem partners can jointly use to achieve this much-needed improvement.”

The heart of PIM’s Cybersecurity module is a comprehensive questionnaire and evaluation engine.  Suppliers complete the questionnaire and are assigned a Security Maturity Level that is a measure of their current capabilities.  Buyers get deep visibility into a supplier’s cybersecurity strengths and weaknesses, which lets them assess risk and make better business relationship decisions.  Suppliers have a clear roadmap for improvement recognized and accepted by multiple buyers, which allows them to justify the investments required to raise their Security Maturity Level and promote long-term engagements with buyers.

Exostar’s Managed Access Gateway (MAG) controls access to PIM, making it the most secure risk management solution on the market, while empowering individuals with a single sign-on user experience.  Because MAG brings together over 100,000 A&D organizations worldwide, PIM incorporates a “collect once, share multiple times” supplier engagement methodology.  Suppliers can complete or update the cybersecurity questionnaire one time and send it to any buying organization that is part of the Exostar A&D community – reducing the burden on suppliers by eliminating redundancy and enabling buyers to more rapidly obtain critical risk information.

“Understanding a supplier’s cybersecurity maturity level allows Lockheed Martin to make informed decisions on how best to manage their risk throughout our global, multi-tier supply chain,” said Jim Connelly, Vice President and Chief Information Security Officer at Lockheed Martin and Chairman of Exostar’s Security Steering Committee.  “Exostar’s PIM enables us to implement a consistent, efficient, cost-effective process to measure, assess, and mitigate risk in real-time and over time.”

About Exostar

Exostar’s cloud-based solutions help companies in highly-regulated industries mitigate risk and solve identity and access challenges. Nearly 125,000 organizations leverage Exostar to help them collaborate securely, efficiently, and compliantly with their partners and suppliers. By offering connect-once, single sign-on access, Exostar strengthens security, reduces expenditures, and raises productivity so customers can better meet contractual, regulatory, and time-to-market objectives.  www.exostar.com.

December 8, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Most Wired Hospitals Focus on Security and Patient Engagement

ANN ARBOR, MI and CHICAGO, July 9, 2015 – Health data security and patient engagement are top priorities for the nation’s hospitals, according to results of the 17th annual HealthCare’s Most Wired™ Survey, released today by the American Hospital Association’s Health Forum and the College of Healthcare Information Management Executives (CHIME).

The 2015 Most Wired™ survey and benchmarking study, in partnership with CHIME and sponsored by VMware, is a leading industry barometer measuring information technology (IT) use and adoption among hospitals nationwide. The survey of more than 741 participants, representing more than 2,213 hospitals, examined how organizations are leveraging IT to improve performance for value-based healthcare in the areas of infrastructure, business and administrative management, quality and safety, and clinical integration.

According to the survey, hospitals are taking more aggressive privacy and security measures to protect and safeguard patient data. Top growth areas in security among this year’s Most Wired organizations include privacy audit systems, provisioning systems, data loss prevention, single sign-on and identity management. The survey also found:

  • 96 percent of Most Wired organizations use intrusion detection systems compared to 85 percent of the all respondents. Privacy audit systems (94 percent) and security incident event management (93 percent) are also widely used.
  • 79 percent of Most Wired organizations conduct incident response exercises or tabletop tests annually, a high-level estimate of the current potential for success of a cybersecurity incident response plan, compared to 37 percent of all responding hospitals.
  • 83 percent of Most Wired organizations report that hospital board oversight of risk management and reduction includes cybersecurity risk.

“With the rising number of patient data breaches and cybersecurity attacks threatening the healthcare industry, protecting patient health information is a top priority for hospital customers,” said Frank Nydam, Senior Director of Healthcare at VMware. “Coupled with the incredible technology innovation taking place today, healthcare organizations need to have security as a foundational component of their mobility, cloud and networking strategy and incorporated into the very fabric of the organization”

As hospitals and health systems begin to transition away from volume-based care to more integrated, value-based care delivery, hospitals are utilizing IT to better facilitate information exchange across the care settings. This includes greater alignment between hospitals and physicians. According to the survey, the physician portal is a key factor in strengthening physician-hospital alignment:

  • In 84 percent of Most Wired organizations, physicians can view and exchange other facilities’ results in the portal compared with 63 percent of hospitals surveyed.
  • 76 percent use the portal and electronic health record (EHR) to exchange results with other EHRs and health information exchanges compared to 56 percent of those surveyed.
  • 81 percent can communicate with patients via email or alerts in contrast to 63 percent of all respondents.

Driven beyond the requirements of Meaningful Use Stage 2, this year’s Most Wired hospitals are utilizing the benefits of a patient portal to get patients actively involved in their health and healthcare. For instance, 89 percent of Most Wired organizations offer access to the patient portal through a mobile application. Other key findings include:

  • 67 percent of Most Wired hospitals offer the ability to incorporate patient-generated data.
  • 63 percent offerself-management tools for chronic conditions.
  • 60 percent offer patient-specific education in multiple languages.

“We commend and congratulate this year’s Most Wired hospitals and their CIOs for improving care delivery and outcomes in our nation’s hospitals through their creative and revolutionary uses of technology,” said CHIME CEO and President Russell P. Branzell, FCHIME CHCIO.”These Most Wired organizations represent excellence in IT leadership on the frontlines of healthcare transformation.”

“Congratulations to our nation’s Most Wired hospitals for harnessing the potential of information technology to improve quality care and patient safety and lower health care costs,” said Rich Umbdenstock, president and CEO of the AHA. “At the forefront of the field, these hospitals are setting the bar for protection of patient data through discerning security measures.”

HealthCare’s Most Wired™ Survey, conducted between Jan. 15 and March 15, 2015, is published annually by Health & Hospitals Network. Respondents completed 741 surveys, representing more than 39 percent of all U.S. hospitals.  Last October, the AHA/Health Forum and CHIME announced the formation of a Most Wired partnership to enhance collaboration between the two organizations in the development and sustainability of the survey, and to collectively help meet the growing demand for useful data on health IT integration.

Detailed results of the survey and study can be found in the July issue of H&HN. For a full list of winners visit www.hhnmag.com.

About the American Hospital Association
The American Hospital Association (AHA) is the national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. Nearly 5,000 hospitals, health care systems, networks, other providers of care and 43,000 individual members come together to form the AHA. Founded in 1898, the AHA provides education for health care leaders and is a source of information on health care issues and trends. For more information, please visit www.aha.org.

About CHIME
The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers and other senior healthcare IT leaders. With more than 1,500 CIO members and over 150 healthcare IT vendors and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit www.chimecentral.org.

About Health Forum

Health Forum is a strategic business enterprise of the American Hospital Association, creatively partnering to develop and deliver essential information and innovative services to help health care leaders achieve organizational performance excellence and sustainability. For more information, please visit www.healthforum.com.

About our Sponsor

VMware is a global leader in cloud infrastructure and business mobility. Built on VMware’s industry-leading virtualization technology, our solutions deliver a brave new model of IT that is fluid, instant and more secure. Customers can innovate faster by rapidly developing, automatically delivering and more safely consuming any application. With 2014 revenues of $6 billion, VMware has more than 500,000 customers and 75,000 partners. The company is headquartered in Silicon Valley with offices throughout the world and can be found online atwww.vmware.com.

July 9, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Survey Shows Insider Threats on the Rise: Organizations Experience an Average of 3.8 Attacks per Year

Survey by Crowd Research Partners Shows Endpoints Are by Far the Most Common Launch Point for an Insider Attack; Highlights Need for Robust Endpoint Security and Policies

VERO BEACH, FL − (June 24, 2015)SpectorSoft™, a leader in the user activity monitoring and behavior analysis market, today released results of the Insider Threat Report, a crowd-based research project that was done in cooperation with the 260,000+ member Information Security Community on LinkedIn and Crowd Research Partners to gain more insight into the state of insider threats and solutions to prevent them. The final report results were based on a comprehensive survey of over 500 cybersecurity professionals from organizations of varying sizes across many industries; the results highlight the increasing need for better security practices and solutions to reduce the risks posed by insider threats.

Among the report’s findings:

The Rise of Insider Attacks: A majority of security professionals (62 percent) saw a rise in insider attacks over the last 12 months, while 22 percent saw no rise, and 16 percent were unsure if they had been attacked or not.

Frequency of Insider Attacks: Forty-five percent of respondents cannot determine whether their organizations experienced insider attacks in the last 12 months. Twenty-two percent said they experienced between one and five attacks, and 24 percent of organizations believe they experienced no attacks at all. Of the respondents who were willing to admit they suffered an insider attack, the average number was 3.8 incidents per organization per year.

Cost of Remediation: The overall average cost of remediating a successful insider attack is around $445,000. With an average risk of 3.8 insider attacks per year, the total remediation cost of insider attacks can quickly run into the millions of dollars.

Monitor Insider Activity on the Endpoint: The survey highlights the need for robust endpoint security and policies; respondents identified endpoints as the most common launch point for insider attacks (56 percent); this was followed by networks (43 percent) and mobile devices (42 percent).

Top Insider Threats: Organizations overwhelmingly maintained that data loss was the top concern regarding insider threats. When asked which types of insider attacks were most concerning, 63 percent of respondents said data leaks, 57 percent said inadvertent data breaches and 53 percent said malicious data breaches.

Vulnerable Data: Sixty-four percent of respondents feel extremely, very or moderately vulnerable to insider threats. Due to its value to attackers, the most vulnerable type of data is customer data (57 percent). This was closely followed by intellectual property (54 percent) and financial data (52 percent).

Internal versus External Attacks: Sixty-two percent of respondents find it more difficult to detect internal threats than external threats, while 38 percent cannot determine which type of threat is most difficult to detect.

Monitoring the Threat: When it comes to threat monitoring, 75 percent of companies monitor the security controls of their applications, 60 percent monitor a majority of all of their key IT assets, while only 21 percent continuously monitor user behavior taking place on their networks.

“The survey and report called out a rise in insider threats, the difficulty in detecting them, and the significant costs in cleaning up after a successful insider attack,” said Mike Tierney, COO, SpectorSoft.  “Companies need the ability to detect for anomalies in user behavior to make sure they are aware of the threats that exist within their organizations, because insiders will deviate from their normal behavior patterns when planning and executing an attack.”

About SpectorSoft

SpectorSoft is the leader in user activity monitoring and an innovator in user behavior analysis software. SpectorSoft has helped more than 36,000 businesses, government organizations, schools and law enforcement agencies improve how they address security and achieve compliance. SpectorSoft award-winning solutions include enterprise-grade insider threat detection software, a powerful user activity monitoring solution deployed by thousands of companies in more than 110 countries, robust Event and Security Log Management, and the world’s leading employee investigation tool. For more information, please visitwww.spectorsoft.com.

June 26, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.