Original Publish Date: June 6, 2017
Although the most recent ransomware attacks took place outside of America it should not be ignored. The infamous, and appropriately named, WannaCry crypto-virus wreaked havoc in more than 60 countries and infected over 200,000 computers. A wide variety of industries were affected, many of which came to a screeching halt, including transportation, communications, and healthcare.
WannaCry and Ransomware have become household names and a focal point for many media outlets. However, many people still find themselves asking “What is ransomware and how does it work?” The watered down explanation is as follows. The WannaCry ransomware takes advantage of Windows systems that haven't been updated with critical security fixes, or “patches,” and attacks them which infects them with a crypto-virus that locks and encrypts the user’s data and renders the system useless. Although Windows released a security patch that would help correct this vulnerability in March 2017, many systems worldwide had not yet implemented the update, which made them a target for the attack. The crypto-virus then leaves a file accessible to the user demanding a ransom in exchange for a decryption key. The user has 3 days to pay $300 in bitcoin, an untraceable form of payment, and if the ransom was not paid within the 3-day time period it doubled to $600. Experts advise against paying the ransom because there is no proof the files will be decrypted.
You may have also heard about the discovery of an “accidental” kill switch discovered by cybersecurity analyst Marcus Hutchins. Marcus noticed that before WannaCry would infect a computer it would search for an unregistered domain. In other words, the crypto-virus would try to connect to a website that did not exist. A domain is registered by companies to prevent other companies, or competitors, from using it. For example, Google is a domain and www.google.com was registered by Google to prevent competitors from purchasing it. WannaCry searched for a specific domain that had not yet been purchased, or registered, and once it could confirm that the web address did not exist it would infect the computer. Marcus Hutchins stopped the initial spread of WannaCry by purchasing the domain WannaCry was using and registering it. Therefore, when WannaCry would try to search for the once non-existent domain, it would connect to the domain that Marcus purchased and stopped the virus from infecting the computer.
However, once Marcus registered the first WannaCry domain another version of WannaCry was released with a different unregistered domain. Fortunately, this was discovered and registered by a separate cybersecurity analyst. These killswitches along with Windows security patches have nearly stopped the widespread WannaCry ransomware. Although the threat is mostly contained at this point, WannaCry is lying dormant on many systems and could potentially be re-activated. Individuals and organizations must consider that other variations of malware and crypto-viruses are being created daily and it is just a matter of time before the next attack.
Healthcare organizations should take precautionary measures to prevent their systems from becoming victims of any future attacks immediately. A malware or ransomware attack, such as WannaCry, puts healthcare organizations at risk for HIPAA violations, which would result in reporting to the Office of Civil Rights (OCR) and a federal investigation of the incident. Not to mention it could shut down their operations. Here are some tips on how to help protect yourself, or your company, from a ransomware, or cyber security, attack:
Cyber security should not be taken lightly and the healthcare industry should have a healthy amount of fear regarding the potential for serious, and unprecedented, ramifications of a ransomware or cyber security attack. We have not seen the end of ransomware and the next time it hits it will be more sophisticated than the last attack. The clock is ticking; will you be ready?
HER 2.0 Webinar titled “How to protect against ransomware attacks” speaker: Craig Petronella
Greater Akron Chamber of Commerce “Morning Buzz” speaker Jay Mellon (CEO of AtNetPlus) speaking on cybersecurity on April 21, 2017.
Sarah is a Practice Manager at Medic Management Group, LLC. She earned her Bachelor’s degree in Health Care Administration at Kent State University and graduated magna cum laude. Since then she has worked exclusively with private practice physicians.
Sarah joined Medic Management Group in June 2015 and currently provides administrative oversight to a small practice, assists with new practice start-ups, and other client and corporate projects. She also provides clients with human resource management, payroll, and acts a supporting manager for other MMG Practice Administrators.