Need Reliable Computer Support & IT Services? (703) 493-1796
Ransomware and Malware Threaten Patient Safety.
By Daniel De Steno | January 30, 2018 | Business IT Articles, News, and Tips
Not only are healthcare organizations at risk due to cybercrime, so are their patients. Imagine having to turn away patients because your computers are shut down due to a ransomware attack. Or, having to “blindly” treat your patients because you can’t access their medical records unless you pay criminals a ransom. A ransomware attack can halt your workflow and data processing and jeopardize your ability to properly treat your patients.
Patient data is now a popular target for cybercriminals. It can easily be monetized, making healthcare organizations and practices increasingly vulnerable. Believe it or not, ransomware poses even larger risks to patients than failure to properly disinfect medical devices. According to the ECRI Institute:
“This is the first year ransomware has been included in the ECRI Institute’s Top 10 Health Technology Hazards list,” says Juuso Leinonen, senior project engineer at the health devices group. “Cybersecurity topics have been covered in the past, but this is the first year a cybersecurity topic has been ranked No. 1 on the list.”
A New Ransomware Threat – “Defray”
Cybersecurity experts discovered a new ransomware threat that targets healthcare organizations. Defray uses Microsoft Word attachments in emails to infect a network. In one instance it attacked a hospital in the U.K. using an attachment entitled “Patient Report.”
The email looked legitimate because it included the hospital’s logo and the name of the director of information management. Once the attachment was opened, the victim’s files were encrypted.
Defray includes a note asking for $5,000 in bitcoins to return the encrypted files. It also suggests that victims contact the attackers via three email addresses if they have any questions or doubts or want to negotiate. The email addresses contained domains from Russia, Germany, and Switzerland.
There are no tools available to restore files encrypted by Defray. The only thing you can do is restore your files from a recent backup. Unfortunately, some healthcare providers aren’t doing all they can to prevent ransomware attacks, or even to back up their data properly in the event their patient information is held for ransom.
Medical Devices Are Also Under Attack.
According to a May 2017 article in Forbes, medical devices were hit by ransomware for the first time in U.S. hospitals:
“When the NSA cyber weapon-powered WannaCry ransomware spread across the world this past weekend, it infected as many as 200,000 Windows systems, including those at 48 hospital trusts in the U.K. and so-far unnamed medical facilities in the U.S. too. It wasn’t just administrative PCs that were hacked, though. Medical devices themselves were affected too.”
The Food and Drug Administration is especially concerned about the safety of medical devices. Suzanne Schwartz, M.D., associate director for science and strategic partnerships at the FDA’s Center for Devices and Radiological Health, writes:
“A computer virus or hack resulting in the loss of or unauthorized use of data is one thing. A breach that potentially impacts the safety and effectiveness of a medical device can threaten the health and safety of an individual or patients using the device.”
Manufacturers, hospitals, and other facilities must work to prevent these pervasive cybersecurity threats. With the development of innovative technologies, protecting patients’ safety from malware attacks must be a priority. However, this is difficult when hospitals and healthcare centers use many different types of medical devices from a multitude of vendors.
The Solution? – A Defense-in-Depth Strategy
Mitigating the risk of data breaches and malware infections requires professional IT service and support from experts who are up to date on the latest cybersecurity threats and who utilize defense-in-depth strategies.
Originally coined in a military context, the term refers to a more comprehensive security strategy than layered security. If one layer of protection is breached, one or more of the other layers can still defend against the attack. Layered security is only one part of a defense-in-depth strategy.
Defense in depth addresses a broad range of tactics to mitigate ransomware and other threats to data security. It comprises:
Monitoring, alerting, and emergency response,
Accounting of authorized personnel activity,
Disaster recovery,
Reporting of criminal activity, and
Forensic analysis.
Defense-in-depth security means recognizing that no one security solution is ever enough for healthcare organizations. The best cyber security experts find the right combination of new and tried-and-true techniques and tools that address the organization’s unique security and privacy requirements.
The diagram below depicts the guidelines suggested by the International Standards Organization’s ISO 27001 and ISO 27002 for Information Systems Management Security and Security Techniques, and principles such as the American Institute of CPA’s Generally Accepted Privacy Principles (GAPP) to determine security and privacy requirements.1
Only with a multi-layered, defense-in-depth strategy can healthcare organizations guard against patient safety infractions and best address the ever-increasing and evolving forms of ransomware.
Hopefully, this won’t happen, but if your hospital or healthcare facility is ever victimized by ransomware, be sure to contact the HHS for guidance.
For more information about Ransomware and Defense-in-Depth protection for your organization, contact NOVA Computer Solutions at info@novacomputersolutions.com or (703) 493-1796.
1. Intel: “Health Information at Risk: Successful Strategies for Healthcare Security and Privacy”