In May 2017, the WannaCry ransomware, a malicious computer virus, affected over 200,000 systems in 150 countries across the globe. Ransomware such as WannaCry blocks access to the files on a computer while the cybercriminals demand a monetary ransom to decrypt the files and restore access to the user's data.
On June 27, 2017, a new ransomware attack was reported by several sources.
According to photos posted to Twitter and information posted by various sources, many of the alleged attacks involved a piece of ransomware that displays, in red letters on a black background, text beginning with “If you see this text, then your files are no longer accessible because they have been encrypted.” and demands $300 worth of bitcoin as ransom.
It is believed this ransomware strain is known as Petya (Petrwrap), a highly sophisticated strain similar to WannaCry that takes advantage of the EternalBlue exploit and has no kill-switch.
This ransomware takes advantage of a vulnerability in the SMB data-transfer protocol (Server Message Block, the Windows file-sharing protocol). Microsoft has issued a patch for this vulnerability, but it is up to the end users and their local IT services provider to apply that patch.
Authorities and cybersecurity professionals forecast growing fallout in the days and weeks after the WannaCry incident, and this new strain of ransomware will not be an exception: the number of victims is expected to grow. Healthcare organizations are particularly vulnerable to cyberthreats because they also face a potential HIPAA violation if patient information is exposed to third parties through hacking. The Department of Health and Human Services has been continuously issuing cybersecurity alerts to medical services, healthcare organizations, and other businesses, warning of attacks and suggesting steps that need to be taken to minimize the risk associated with ransomware.
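As an added check that is not part of the original post: a PowerShell audit, run in an elevated session on a Windows host, that reports whether the SMBv1 server protocol is enabled, turns it off, and looks for the security update that closed the SMB hole. The bulletin id MS17-010 and the KB numbers are supplied here, not taken from the post; the KBs listed are the Windows 7 SP1 / Server 2008 R2 ones and must be adjusted for other Windows versions.

```powershell
# Added example: audit and harden SMB on the local Windows host against the
# vulnerability used by WannaCry and Petya (patched by Microsoft bulletin MS17-010).
# Run as administrator. Assumptions are noted inline.

# 1. Is the SMBv1 server protocol enabled? Get-SmbServerConfiguration exists on
#    Windows 8 / Server 2012 and later; on Windows 7 read the registry value
#    HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 instead.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 is enabled on $env:COMPUTERNAME; this is the protocol EternalBlue targets."
    # Disable it. SMBv2/v3 clients are unaffected, but check legacy printers/NAS first.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "SMBv1 has been disabled."
} else {
    Write-Output "SMBv1 is already disabled."
}

# 2. Has the MS17-010 update been installed?
#    KB4012212 (security-only) and KB4012215 (monthly rollup) are the Windows 7 SP1 /
#    Server 2008 R2 packages. Assumption: replace with the KBs for your OS from the bulletin.
$ms17010 = @('KB4012212', 'KB4012215')
$installed = Get-HotFix | Where-Object { $ms17010 -contains $_.HotFixID }
if ($installed) {
    Write-Output "MS17-010 update present: $($installed.HotFixID -join ', ')"
} else {
    # Caveat: later cumulative updates supersede these KBs and are not listed under the
    # original ids, so an empty result means "verify", not necessarily "unpatched".
    Write-Warning "No MS17-010 KB found by Get-HotFix; confirm the patch level in Windows Update history."
}

# 3. Which inbound firewall rules currently expose file sharing (TCP/445)?
#    Anything in this list should only be reachable from trusted networks, never the internet.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Where-Object { $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile, Action
```

Run it on each host before and after patching; the firewall listing is informational and does not change any rule.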
powersolution.com recognizes this cybersecurity issue and uses many technologies to help prevent infections from known and emerging threats, and to protect our clients with several layers of security measures.
Businesses and organizations need to implement data security measures to reduce and minimize the risk of ransomware and malware hacking attempts:
- Update your Windows/System platform and apply up-to-date security patches.
- Make sure you have proper anti-virus software installed and kept up to date.
- Set up a schedule for regular auto-scans of your computer network systems.
- Regularly back up your systems’ data.
- Do not open questionable email or attachments.
- Ensure annual or semi-annual “penetration tests” for your network’s security.
- Educate and train your employees on a cybersecurity protocol.
- Create, maintain and enforce a cybersecurity policy.
Important HIPAA Breach Notification Rules to remember:
Compliance with the HIPAA Security Rule helps healthcare providers and business associates prepare for ransomware attacks. Responding appropriately if systems are compromised and data are encrypted is crucial. The OCR Fact Sheet on HIPAA and ransomware attacks can guide covered entities on the actions to take in case of a cybersecurity breach. Here are a few important takeaways:
- A ransomware attack that involves the encryption of patients' ePHI is presumed to be a HIPAA breach.
- All covered entities (providers and business associates) must report attacks within 60 days, as is required by the HIPAA Breach Notification Rule.
- Breach reports, and patient notifications, are required if the compromised data had not been encrypted by the entity to NIST specifications.
- In the event of a breach, covered entities should submit details of the incident to the FBI’s Internet Crime Complaint Center and report the incident to US-CERT.
- Reporting ransomware attacks to other federal organizations or law enforcement bodies does not constitute a HIPAA-compliant breach report.
- OCR must be notified of the incident separately.
- IMPORTANT: The HIPAA Privacy Rule does not permit the sharing of PHI. When cyber threat information is shared with federal agencies, law enforcement, or an Information Sharing and Analysis Organization (ISAO), covered entities must ensure that PHI is not shared. Doing so would be a HIPAA violation and could result in action being taken against the organization in question.
Healthcare organizations were also reminded that they can approach the Department of Homeland Security with a request for an unauthenticated scan of their public IP addresses. US-CERT's National Cybersecurity Assessment & Technical Services (NCATS) provides a third-party perspective on an organization's security posture and can conduct a broad assessment scanning for known vulnerabilities. The service allows healthcare organizations to take action to reduce the risk of those vulnerabilities being exploited by malicious individuals. Requests by healthcare professionals can be emailed to NCATS_INFO@hq.dhs.gov.
Are you an SMB in New Jersey looking to improve your network security and boost your IT operations?
Give us a call right now at (201) 493-1414 x 311 to request a consultation.