
HHS ASPR/CIP HPH Cyber Notice: On-Going Impacts to HPH Sector from WannaCry

DISCLAIMER: This product is provided “as is” for informational purposes only. The Department of Health and Human Services (HHS) does not provide warranties of any kind regarding any information contained within. HHS does not endorse any commercial product or service referenced in this product or otherwise.

HHS is aware of two large, multi-state hospital systems that are continuing to face significant challenges to operations because of the WannaCry malware. Note: this is not a new WannaCry attack.

The behaviors that have been reported are typical for environments where the WannaCry scanning virus persists, even though the encryption stage has been blocked by anti-virus, or is not executing. The virus can persist even on a machine that has been patched. The virus will not spread to a patched machine, but the attempt to scan can disrupt Windows operating systems when it executes. The particular effect varies according to the version of Windows on the device. For those devices or systems, we are providing additional guidance below.

We are also sharing FDA’s emergency phone line for those with questions or reports of malware affecting devices as part of the recommended reporting process below.

You may send additional questions to cip@hhs.gov

Mitigating risks of WannaCry

WannaCry ransomware is a fast-propagating worm which exploits Windows’ Server Message Block version 1 (SMBv1) protocol to move through a network or infect other systems on the Internet. However, SMBv1 might not be the only vector of infection for WannaCry, so even patched systems could still be infected if the malware is introduced to the system in a different manner.

Furthermore, a newly patched system could have been previously infected, and if so, would still scan for other vulnerable systems and/or encrypt files. Patching a system is similar to a quarantine in physical medicine: it will prevent an infection from spreading, but it will not cure the patient who has been quarantined. Reimaging removes the infection in the operating system no matter where the virus is residing.

Mitigate the risk of WannaCry infection by taking the following steps:

  • Patch vulnerable systems with the update from Microsoft which fixes the SMBv1 vulnerability: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • Disable SMBv1 on all devices across the network, and disable it at the firewall if possible. If it is not possible to disable SMBv1, consider the business impact of quarantining those devices off the network until another solution can be found.
  • See the Tech Support page from Microsoft below for instructions on disabling SMBv1: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server
  • Block port 445 on all firewalls
  • If possible, reimage potentially affected devices to mitigate risk that malware is on the system in the background.
  • Use a reputable anti-virus (AV) product whose definitions are up-to-date to scan all devices in your environment in order to determine if any of them have malware on them that has not yet been identified. Many AV products will automatically clean up infections or potential infections when they are identified.
  • Work with vendors to make sure both the distribution stage and the encryption stage of WannaCry are detected and blocked.
  • Work with vendors or IT support staff to investigate and remediate systems exhibiting network-scanning activity consistent with WannaCry, which could include reimaging per the previous bullet point.
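
To find the patched-but-still-infected hosts described above, one approach is to look for internal sources that contact many distinct destinations on TCP/445 in a short time, including attempts the firewall denied. The following is an added example, not part of the HHS notice; the flow-log format, the addresses, and the 60-second / 20-destination thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # the port the notice says to block

def build_sample():
    """Constructed flow records: 'time src dst dst_port action' (assumed format)."""
    t0 = datetime(2017, 6, 5, 10, 0, 0)
    rows = []
    for i in range(1, 41):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        # Patched but still infected host sweeping its subnet; firewall denies it
        rows.append(f"{ts} 10.1.4.23 10.1.4.{i} 445 DENY")
        # Ordinary file-share client: many connections, a single server
        rows.append(f"{ts} 10.1.7.8 10.1.0.10 445 ALLOW")
        # Busy web client: many destinations, but not SMB
        rows.append(f"{ts} 10.1.9.5 203.0.113.{i} 443 ALLOW")
    for i in range(5):
        # Admin workstation: five SMB servers spread over an hour
        ts = (t0 + timedelta(minutes=12 * i)).isoformat()
        rows.append(f"{ts} 10.1.2.2 10.1.0.{20 + i} 445 ALLOW")
    rows.append("truncated record")  # malformed line, must be skipped
    return "\n".join(rows)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def find_smb_scanners(text, window=timedelta(seconds=60), threshold=20):
    """Return {source_ip: peak distinct TCP/445 destinations seen in any window}."""
    # Denied flows count too: a blocked attempt still identifies the infected host.
    per_src = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if port == SMB_PORT:
            per_src[src].append((ts, dst))
    findings = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        live = defaultdict(int)  # destination -> events currently inside the window
        start = peak = 0
        for ts, dst in events:
            live[dst] += 1
            while ts - events[start][0] > window:  # slide the window forward
                old = events[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            peak = max(peak, len(live))
        if peak >= threshold:
            findings[str(src)] = peak
    return findings

if __name__ == "__main__":
    for host, peak in find_smb_scanners(build_sample()).items():
        print(f"{host}: {peak} distinct TCP/445 destinations within 60 s")
```

Only the sweeping host is reported; the file-share client, the web client and the slow-moving admin workstation stay below the threshold. Hosts flagged this way are the candidates for AV scanning or reimaging under the steps above.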

If you are the victim of a ransomware attack

If your organization is the victim of a ransomware attack, HHS recommends the following steps:

  1. Please contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#field) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
  3. **NEW** If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov


June 5, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Logicalis US to CIOs: Don’t be Held Hostage by Ransomware

Solution Provider IDs Five Proactive Steps CIOs Can Take Now

NEW YORK, September 12, 2016 – Ransomware, which holds business data hostage until a fee is paid, has taken a sharp upturn this year. In fact, a recent industry study found that nearly half of all U.S. businesses have experienced at least one ransomware attack in the past year alone. While organizations wrestle with the ever-pressing issue of whether to pay or not to pay if they’re victimized, Logicalis US, an international IT solutions and managed services provider (www.us.logicalis.com), suggests CXOs focus first on how to protect, thwart and recover from a potential attack before developing a pay or don’t-pay policy.

“Ransomware has become one of the most sophisticated criminal enterprises the world has ever seen,” says Ron Temske, Vice President, Security Solutions, Logicalis US. “As anyone in the business of cybersecurity knows, we’ve long battled those who simply wanted to create chaos and disruption. We’ve seen nation states attack both military and civilian targets and ‘hacktivists’ who act for various social causes.  But ransomware is different in one key way: It’s all about the money.  Ransomware is a business, complete with sophisticated cybercrime-as-a-service offerings and world-class customer support to ensure its victims’ files are returned expeditiously once the ransom is paid. It’s a service business approaching $1 billion in annual revenue, something that would be heralded as an accomplishment if it weren’t based on such nefarious principles. The business of ransomware has even spawned a network of affiliates that provide redirection of an exploit kit for a cut of the profits.”

Five Ways to Respond to the Threat from Ransomware

To be ready for an attack before it happens, to detect and stop it while it’s happening, or to recover from it after it happens takes planning. To help, Logicalis’ security experts have compiled a list of the top five ways to respond to the threat ransomware poses today.

  1. Create a Modern Defense: Traditional signature-based anti-virus solutions are good to have, but they aren’t up to the job of thwarting a sophisticated ransomware attack.  Neither is your traditional stateful firewall. As a result, it is critically important to plan for the possibility of an attack by developing comprehensive visibility and access to extensive details on how the malware entered the organization’s environment in the first place. IT pros who are serious about heading ransomware off at the pass should focus intently on modern next-generation anti-malware and firewall solutions that can stop an attack before it starts.
  2. Take an Architectural Approach: In some limited situations, point solutions can be effective, but not with ransomware. The most effective way to address the threat posed by ransomware and other pervasive cyberattacks is to take a holistic architectural approach to security that encompasses the entire network including its systems and endpoints as well as the organization’s cloud and mobile strategies. Because so many of today’s threats are automated, solutions that rely on human intervention to detect and respond are neither affordable nor effective, making automation and orchestration key principles in a solid security architecture design.
  3. Prevent the Spread of Malware: If an attacker’s malware does enter the network, it has the ability to spread like a fast-moving cold among passengers on an airplane.  The key at this stage is to compartmentalize data using network micro-segmentation strategies that make it more difficult for malware to spread laterally within the environment.
  4. Plan Your Recovery: The unfortunate truth is, despite the security industry’s best efforts, no organization is entirely immune to attack.  Therefore, it’s critical to examine how the organization will recover if it is breached. First, be sure you’re backing up. Second, test, test and re-test the backup and restore process; a backup is only valuable if the data can actually be restored when it’s needed.  It’s also important to ensure that the restore can be done at the system level since file-based recovery may not be enough. Consider, too, how much redundancy is required; if the organization is hit, do you have an uncorrupted source from which you can immediately recover? And be sure to weigh the costs of various solutions against the cost of potential loss or downtime – not all data is equally valuable, which means not all data needs the same level of protection.
  5. Create a Pay or No-Pay Policy: Finally, the big question: To pay or not to pay? No vertical market is having a tougher time facing this question than healthcare is today; whether it’s critical patient-care data that hackers hold hostage or the threat of hefty regulatory fines imposed when protected patient health information (PHI) is breached, healthcare organizations have become prime targets for ransomware attacks. Before any organization – healthcare or otherwise – pays a ransom, however, Temske suggests examining how much damage will be done if you don’t pay. Do you have an uncompromised data backup from which you can restore? What is the cost to restore vs. pay – both monetarily and in terms of the business’ ability to function in the meantime? Ultimately, the decision comes down to how business-critical the compromised data is to the organization. If you do decide to pay, Temske has one word of advice: “Negotiate. In most cases, you can talk the price down, so it may make sense to consider not paying the first amount offered.”

About Logicalis
Logicalis is an international multi-skilled solution provider providing digital enablement services to help customers harness digital technology and innovative services to deliver powerful business outcomes.

Our customers cross industries and geographical regions; our focus is to engage in the dynamics of our customers’ vertical markets including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and to apply the skills of our 4,000 employees in modernizing key digital pillars, data center and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernization.

We are the advocates for our customers for some of the world’s leading technology companies including Cisco, HPE, IBM, NetApp, Microsoft, VMware and ServiceNow.

The Logicalis Group has annualized revenues of over $1.5 billion from operations in Europe, North America, Latin America and Asia Pacific. It is a division of Datatec Limited, listed on the Johannesburg Stock Exchange and the AIM market of the LSE, with revenues of over $6.5 billion.

For more information, visit www.us.logicalis.com.

September 12, 2016 | Written By John Lynn

Logicalis US Asks 10 Tough Security Questions Every CIO Must Be Able to Answer

NEW YORK, April 19, 2016 – The most important thing CIOs in any industry need to know about IT security, according to Logicalis US, an international IT solutions and managed services provider (www.us.logicalis.com), is that, despite the hype, the fear and the complexity of available solutions, securing digital assets is fundamentally about managing risk.

“It’s important for IT professionals to take their IT security risks seriously,” says Ron Temske, Vice President, Security Solutions, Logicalis US.  “The first thing that has to be established is what you are trying to protect, and whether or not all of your digital assets need the same level of protection.  Most organizations don’t think that way; they see security as a single, across-the-board, ubiquitous solution.  People often think if they have a firewall and anti-virus in place, they’re secure. Others believe no one is targeting them. In both cases, nothing could be farther from the truth. If all you have is traditional antivirus and a firewall, you might as well give your information away – and you might be doing just that. Once a threat moves beyond the firewall, you lose visibility and control of that threat, and that can happen as innocently as having an employee who unwittingly plugs a USB infected with malicious code into their desktop or laptop.  The biggest unpatched security vulnerability you have is your people.  And even if your organization isn’t high profile, your unsecured IT can become a back door for cybercriminals trying to break into your partners’ or clients’ systems. The solution is to develop and implement a comprehensive security program that spans the entire attack continuum – before, during and after an attack.”

This is why, Logicalis experts say, it is critical to know what you are trying to protect against.  A common acronym used among security professionals is CIA, which stands for Confidentiality, Integrity and Availability.

  • Confidentiality is primarily associated with protecting the assets that would cause the client harm if they were disclosed – think patient records in a hospital setting or credit card numbers on a major retail site.
  • Integrity is about ensuring data remains accurate and unaltered – patient prescription information is a good example.
  • Availability is about ensuring that business-critical assets are accessible when needed – consider the importance of medical personnel knowing a patient’s allergies.

To develop a plan that meets CIA objectives, Logicalis suggests organizations embrace two important truths: First, because cybercrime has proven to be a highly profitable venture, everyone has valuable information that criminals want.  And second, eventually, every business will experience some sort of breach.

Before designing and implementing security solutions to mitigate those risks, Logicalis suggests organizations partner with a solution provider experienced in security measures that can perform a vulnerability assessment to identify areas where the organization’s attack surface can be reduced.  Also helpful, the company says, is examining services like Logicalis’ Managed Security offering which can help IT pros focus on their business rather than being distracted by varying degrees of cyber threats and related security posture changes.

“Businesses often put off creating comprehensive security solutions because they fear the price tag, but there’s no need for that,” says Jason Malacko, IT security expert, Logicalis US.  “It’s true that there is no silver bullet.  Security is a process, not a product. People who want to find the ‘one thing’ that will protect their entire organization won’t find that because it doesn’t exist.  That’s because, with mobility and IoT, there is no single perimeter to protect anymore.  Security is more complex than that, and it’s our job as security experts to take that complexity out of the equation while helping our clients protect their digital assets as fully as possible.  But that doesn’t mean people have to deplete their budgets; the key is to match the solution to the client’s actual – rather than perceived – business needs. No one should buy a $1,000 safe to protect a $100 bill.”

10 Security Questions Every CIO Must Be Able to Answer

Cybercrime is an insidious business; it happens in plain sight, avoids detection and causes damage quickly.  There are even cybercrime-as-a-service offerings available to criminals who lack the technical know-how to reap the big jackpots capable of totaling tens of millions of dollars.  So, how do you prepare your organization to overcome an eventual attack? According to Logicalis, the solution begins by answering 10 important questions:

  1. If you knew that your company was going to be breached tomorrow, what would you do differently today?
  2. Has your company ever been breached? How do you know?
  3. What assets am I protecting, what am I protecting them from (i.e., theft, destruction, compromise), and who am I protecting them from (i.e. cybercriminals or even insiders)?
  4. What damage will we sustain if we are breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Have you moved beyond an “inside vs. outside” perimeter-based approach to information security?
  6. Does your IT security implementation match your business-centric security policies? Does it rely on written policies, technical controls or both?
  7. What is your security strategy for IoT (also known as “the Internet of threat”)?
  8. What is your security strategy for “anywhere, anytime, any device” mobility?
  9. Do you have an incident response plan in place?
  10. What is your remediation process? Can you recover lost data and prevent a similar attack from happening again?


About Logicalis

Logicalis is an international IT solutions and managed services provider with a breadth of knowledge and expertise in communications and collaboration; data center and cloud services; and managed services.

Logicalis employs over 4,000 people worldwide, including highly trained service specialists who design, deploy and manage complex IT infrastructures to meet the needs of over 6,500 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM, EMC, NetApp, Microsoft, VMware and ServiceNow on an international basis. It has specialized solutions for enterprise and medium-sized companies in vertical markets covering financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, helping customers benefit from cutting-edge technologies in a cost-effective way.

The Logicalis Group has annualized revenues of over $1.5 billion from operations in Europe, North America, Latin America and Asia Pacific and is one of the leading IT and communications solution integrators specializing in the areas of advanced technologies and services.

The Logicalis Group is a division of Datatec Limited, listed on the Johannesburg and London AIM Stock Exchanges, with revenues of over $6 billion.

For more information, visit www.us.logicalis.com.

April 19, 2016 | Written By John Lynn