Recently, Mac McMillan, CEO of CynergisTek, wrote a guest blog post for HealthcareITNews about malware attacks targeting healthcare after the recent Hollywood Presbyterian Medical Center (HPMC) security incident. In this post, he provides his thoughts on the HPMC incident and the actions the hospital took to return systems to service. He points out that paying a ransom to hackers is often discouraged, because you never know whether they will actually give you the decryption key and because it only encourages other hackers to mimic the attack. However, in the HPMC incident, McMillan points out that, “The hospital in this case applied practical triage logic to the patient and took the hand to save the arm. I think it is basically unfair to second guess their decision, after they were faced with more than a week of downtime, and were facing potentially longer disruption and mounting costs.”
McMillan suggests that as an industry, “there needs to be a fundamental shift in our thinking about security today” and it should start with detection of security incidents and how to respond to them. He then points out there are many challenges, such as, “weak access controls, patching and change control processes, irregular testing and assessment; lack of external review; and inadequate oversight or governance.”
Additionally, he explains that malware and ransomware are not new threats, but there is a new ransomware called “Locky”. It was first reported in mid-February, and shortly after it was identified, researchers saw upwards of 4,000 new infections per hour, or approximately 100,000 per day. It spreads when recipients open a Microsoft Word attachment that contains scrambled content and gives instructions to click on an Office macro to unscramble it. Once enabled, the macro downloads Locky, stores it in the temporary folder and executes it. Locky infected thousands of machines before researchers and A/V vendors could develop a signature and update their systems.
McMillan closes the blog post with actionable best practices organizations can take to build resistance to these cybersecurity threats, such as awareness and education, vigilance, improved detection methods and being prepared. Click here to read the blog post in HealthcareITNews and to read the rest of the suggested best practices to build resistance to the threat of malware.
For a further summary of the HPMC incident, click here to read and download the notice that was sent to our customers after we heard several hospitals report that IT detected attempted malware attacks.