Since Friday, May 12, 2017, a major international ransomware attack affected 10,000 organizations and 200,000 individuals in 150 countries.   Named “WannaCry,” the speed, impact and global spread of this attack is unprecedented.  The federal departments of Health and Human Services and Homeland Security, along with the US Computer Emergency Response Team, have all issued alerts.  This ransomware encrypts most files on the infected computer, and demands a ransom payment for a decryption key.  The FBI urges that no users make a ransom payment.

Update Screen for Windows 7. All Organizations Should Verify that Systems are up-to-date.

This attack affects all versions of Microsoft Windows that have not been patched with Microsoft’s March 14, 2017 security update.  See Microsoft Security Bulletin MS17-010 for details.  If you have this update, you are not vulnerable.  So, if you have automatic updates enabled, and/or if you patch regularly, you are likely safe.  We recommend that you verify that all systems are up-to-date.  Microsoft has also taken the unusual step of issuing security updates for its discontinued systems, Windows XP and Windows Server 2003.  Review Microsoft’s Customer Guidance for WannaCry Attacks for access to these patches for obsolete systems.

As always, avoid opening an attachment that you receive via email unless you know it is safe, as this is the initial method of infection.  Once the malware infects a computer, it spreads both within the local network and throughout the broader internet.

Since the malware’s release on Friday, there have been multiple developments, and new variants of the ransomware have already been created.  For additional technical information and updates, we recommend that you consult security vendor Wordfence’s post “New WannaCry Ransomware and How to Protect Yourself”.

Ransomware is a global epidemic affecting all sectors of the economy, worldwide, including government and healthcare.  It has been widely reported that Britain’s National Health Service was disrupted by this attack.  See our post 2016: Hospitals targeted with Ransomware, patients harmed, losses incurred regarding impacts of previous ransomware attacks.  For advice on protecting against ransomware, please see Preventing and Mitigating Ransomware Attacks.  If you are regulated by the HIPAA regulations and are affected by this attack or any ransomware, see Ransomware Guidance from OCR to understand your obligation to report this breach under HIPAA.

Please feel free to contact us for more information.

About Gary Pritts

President, Gary Pritts

Gary consults in the areas of physician practice management, medical information systems, HIPAA compliance, health and productivity management and general business management.  Gary serves on the board of Lakewood Hospital, one of the Cleveland Clinic Regional Hospitals, and is a founder and past president of eHealth Ohio, and is active with numerous professional organizations.  He served as product development manager for the EDI clearinghouse division of Quadax, a regional clearinghouse, and  understands provider organizations from his 6 years as President and owner of Premier Rehab, a Medicare Certified Rehab agency with two Cleveland locations.  His computer background includes 15 years in various computer and computer service organizations.  He has a B.S. in Computer Science from Purdue University and an M.B.A. from Harvard Business School.

Security Alerts: Eagle Healthcare IT & HIPAANews

Security Alerts: Eagle Healthcare IT & HIPAANews

Receive the latest news and updates from the Eagle team.

You have Successfully Subscribed!

Pin It on Pinterest