hot topics

As our society continues to advance, we are constantly reminded that we must keep upgrading and developing new technologies to meet new challenges. The flip side is that other entities attempt to take advantage of these developments and profit from them. The recent spate of ransomware attacks that have plagued computers throughout the world is a reminder that we must be more diligent in protecting the heart of our businesses: the IT equipment. Ransomware has been with us for years, and some programs may have been embedded on our systems long before being activated by a coded or timed event. The latest worldwide series of attacks is just one example of the operational and financial problems they create.

The most recent attack first appeared on May 12, 2017. "WannaCry" exploited a vulnerability in the Windows operating system, installed on many computers around the globe, that was allegedly discovered by the NSA and "lost" to the hacker community (the flaw in Microsoft's SMBv1 file-sharing service addressed by security bulletin MS17-010). Microsoft had identified the vulnerability and released a patch for it in March 2017, two months before the attack. Unfortunately, many organizations and individuals had not installed the patch and were left exposed and at risk. Organizations in more than 150 countries were affected, with the heaviest impact in Europe and Asia and relatively few reported victims in the US. What is known about the WannaCry ransomware:

·      WannaCry searches an infected system, encrypts files of roughly 200 different types and appends the .WNCRY extension to each encrypted file (early samples used .WCRY). It then demands that the affected user pay a $300 ransom in the cryptocurrency Bitcoin. Bitcoin transactions are visible on the public ledger, but tying a wallet to its owner is difficult. The "ransom note" states that if payment is not received within three days the demand doubles to $600, and that if payment is still not made after seven days the files will be deleted;

·      WannaCry encrypts data on the local disk and on any attached thumb drives, external drives and mapped network shares. Without a clean backup, encrypted files are more than likely unrecoverable;

·      WannaCry is also a worm: once one machine on a network is infected, it scans for other unpatched Windows machines reachable over SMB (TCP port 445) and infects them without any user action, so other computers on an affected network will more than likely be hit as well;

·      How the first machine in a network becomes infected has not been confirmed;

·      Payment of the ransom may not be the end of a company's or an individual's problem: paying does not guarantee a working decryption key, and another version of the malware could have been embedded in the system as a "sleeper" to be "awakened" at some future date. Apparently, approximately 200 individuals or organizations have paid the ransom, totaling approximately $55,000. Given this success by unknown individuals, renewed efforts to extort additional funds should be expected in the coming months.

 

Some common-sense practices:

 

·      Do not open email links or attachments from unknown sources;

·      Hackers have, at times, hijacked the systems of otherwise trustworthy organizations, so all requests should be scrutinized, especially requests that macros be enabled. Before complying, confirm the request through an internet search or by contacting the software vendor directly;

·      Software updates should not be ignored. Operating systems and other software should be updated promptly, with automatic updates enabled where possible. Updates from trustworthy vendors include patches for security flaws that ransomware attackers exploit; the Windows patch that would have blocked WannaCry had been available for two months before the attack;

·      Routinely back up files to multiple devices. Always maintain a minimum of three backup copies on different devices, and periodically test that files can actually be restored from them. Backup copies should be stored offline and, ideally, off site. Never leave external drives or thumb drives continuously attached to a computer, since ransomware encrypts whatever it can reach.
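The "install the patch" advice above can be checked rather than assumed. The PowerShell below is an added example, not code from this article or from Baker Donelson: it reports whether a Windows host still has SMBv1 (the file-sharing service WannaCry spread through) enabled, whether one of the MS17-010 update packages Microsoft published in March 2017 is present, and then turns SMBv1 off. The KB numbers, the SMBv1/MS17-010 pairing and the registry value used on Windows 7 are from Microsoft's own bulletin and documentation, not from the article; the script assumes an elevated session and that Get-SmbServerConfiguration exists (Windows 8/Server 2012 and later), falling back to the registry on older systems.

```powershell
# Added example, not code from the original article or from Baker Donelson.
# Checks whether a Windows host is still exposed to the SMBv1 flaw WannaCry
# spread through (Microsoft bulletin MS17-010, March 2017) and disables SMBv1.
# Assumptions: run in an elevated PowerShell session; Get-SmbServerConfiguration
# exists on Windows 8/Server 2012 and later, with a registry fallback for
# Windows 7/Server 2008 R2. KB numbers below are the MS17-010 packages Microsoft
# listed per platform; they are not named on the article page.

# Security-only update and monthly rollup for each platform, as published with MS17-010.
$Ms17010Kbs = @(
    'KB4012598',                              # Windows XP, Vista, Server 2003, Windows 8, Server 2008
    'KB4012212', 'KB4012215',                 # Windows 7, Server 2008 R2
    'KB4012214', 'KB4012217',                 # Windows Server 2012
    'KB4012213', 'KB4012216',                 # Windows 8.1, Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'     # Windows 10 1507, 1511, 1607
)

function Get-Smb1ServerState {
    # Returns $true when SMBv1 is enabled on the server (listening) side.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2: SMB1 is controlled by this registry value; absence means enabled.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $value) -or ($value -ne 0)
}

function Test-Ms17010Exposure {
    # Summarises the host's exposure. Get-HotFix only shows the package that
    # first delivered a fix, so on hosts patched by a later cumulative update
    # the KB list can be empty even though the fix is present. Treat
    # "SMBv1 on and no MS17-010 KB found" as "needs review", not as proof.
    $smb1On    = Get-Smb1ServerState
    $installed = @(Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID } |
                   Select-Object -ExpandProperty HotFixID)
    $listening = $false
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Smb1Enabled      = $smb1On
        Port445Listening = $listening
        Ms17010Kbs       = ($installed -join ',')
        NeedsReview      = ($smb1On -and $installed.Count -eq 0)
    }
}

function Disable-Smb1Server {
    # The robust fix regardless of patch level: stop offering SMBv1 at all.
    # Older devices (some printers, scanners, NAS units) may still need SMBv1;
    # inventory them before running this fleet-wide. A reboot finalises the change.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                         -Name SMB1 -Type DWord -Value 0 -Force
    }
}

# Usage: report first, then remediate if SMBv1 is still on.
$report = Test-Ms17010Exposure
$report | Format-List
if ($report.Smb1Enabled) { Disable-Smb1Server }
```

Run the report across the fleet before remediating, because a NeedsReview result is a prompt to confirm patch level (for example against the installed cumulative update), not proof that the host is unpatched. On Windows 8.1 and Windows 10 the SMBv1 component can also be removed outright with Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol, which is preferable to merely switching it off.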

 

Healthcare entities such as physician practices and FQHCs, along with the legal firms, accounting firms, banks and other businesses that handle their data, are especially vulnerable in these situations because hackers gain access to confidential systems. It is still too early to determine the potential liability these and other organizations may face, but HIPAA will cover some if not all of these entities. HIPAA is enforced by the HHS Office for Civil Rights (OCR), which pursues violations aggressively; civil penalties are tiered per violation and capped at well over a million dollars per year for each provision violated, and settlements routinely run into six and seven figures. OCR guidance treats a ransomware infection that encrypts protected health information as a presumed breach unless the organization can demonstrate a low probability that the information was compromised, so an organization that receives a ransom demand, whether or not it pays, and fails to report the incident as a breach may be liable for major fines and penalties. Each affected organization should seek advice from outside counsel.

 

Some recommended safeguards that organizations should follow, as provided by the law firm of Baker Donelson:

 

·      Review your cyber liability insurance coverage to ensure adequacy. Make sure your insurance policy panels allow you to work with attorneys and vendors you trust;

·      Run a tabletop exercise on a ransomware attack. Immediate response and strong downtime procedures are key to surviving any attack. Be sure any practice exercises include simulating the use of backup systems – including paper-based procedures;

·      Your risk assessment and risk management plans should factor in medical devices as risks that must be managed;

·      Perform due diligence on all device vendors and business associates;

·      Do not house or manage your workforce emergency communications systems on the same IT platform as your medical records and medical device systems;

·      Be sure to review and implement the most recent manufacturer guidelines for data security and data wiping of medical devices between users.

 

Executive Resource is prepared to assist our clients, associates and friends with the best approach to countering this latest attack on their operations. Our team of specialists can provide assistance in this area.


Contact us, and we'll be happy to tell you exactly how we can address your particular institutional situation.