In May 2017, the WannaCry ransomware was released in the wild and wreaked havoc around the world. It spread using EternalBlue, an exploit for a vulnerability in the SMBv1 file-sharing protocol built into Windows (Microsoft bulletin MS17-010). The exploit had been developed by the United States National Security Agency (NSA); it was stolen from the NSA by a group calling itself the Shadow Brokers and published in April 2017, a month after Microsoft had patched the flaw for supported versions of Windows. Cybercriminals built EternalBlue into ransomware. Microsoft went on to release emergency patches even for versions of Windows that were no longer supported, yet now, two years later, organizations are still being hit with ransomware that uses this same vulnerability.
A new report by security research firm Armis has found that, within the last six months, 40% of all healthcare organizations have suffered a WannaCry ransomware attack.
To produce the report, Armis set up honeypots: computers configured to look like machines running a vulnerable version of Windows, placed on the Internet so the researchers could wait for attacks to arrive. They did not wait long; the machines were infected almost immediately. Honeypots like these let Armis capture many different ransomware variants for analysis and gave the researchers a realistic view of how these infections occur.
Ransomware attacks rely on vulnerabilities in systems
One reason healthcare organizations are hit by these attacks is that healthcare relies on a large number of older systems, known as legacy systems. Such systems are rarely patched, if patches are made available at all. In this case Microsoft did release patches for out-of-support versions of Windows, such as Windows XP and Server 2003, to help stop the spread of WannaCry.
The other reason is that healthcare organizations, especially smaller practices without IT staff, often don't keep up with patches for their software. Even though the patch for this vulnerability was released more than two years ago, attacks are still happening. WannaCry exploits a vulnerability in the SMBv1 file-sharing service on Windows workstations and servers, which is why one infected machine can reach every other unpatched machine on the same network without anyone clicking anything. The patch released by Microsoft closes this hole, and disabling SMBv1 removes the attack surface altogether. If the patch isn't installed, the vulnerability still exists and can be exploited by WannaCry and similar malware.
Healthcare is slow to adopt new software: around 70% of healthcare organizations are still running Windows 7 or older. Windows 7 leaves support on January 14, 2020, after which Microsoft will no longer issue updates or patches for it. This means that between now and January 2020 a lot of organizations will need to migrate off Windows 7 to Windows 10.
New vulnerabilities are found regularly, which makes keeping systems patched and up to date that much more important. Ransomware needs a way into a network, and an unpatched flaw is the easiest one.
Adopt a patch management system for your practice to defend against attacks
A ransomware attack can be extremely costly for a practice. The possible HIPAA breach fines are only a small part of the cost; lost patient confidence, patient lawsuits, and bad publicity can be far more damaging.
One of the best ways to prevent these ransomware attacks is to keep your systems patched and up to date. This means keeping on top of the patches issued by Microsoft and your other software vendors. Windows Update can help, but several Windows 10 updates have left machines unbootable once installed. In addition, by default Windows 10's Delivery Optimization feature uses your computers and Internet connection to help distribute updates to other Windows 10 machines, including ones outside your network, which can consume a lot of your Internet bandwidth unless it is restricted to peers on your own network.
For the smallest networks, plain Windows Update may be the way to go. But for practices with more than five computers, this process should be handled with more care. Research each patch when it is released to see whether other users are reporting problems. If you feel the patch is safe for your environment, install it. When Microsoft releases an emergency patch, as it did for WannaCry, it's best to install it as soon as possible.
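The checks above can be scripted. What follows is an added example, not code from the article or from Armis or Microsoft: a PowerShell audit, run from an elevated Windows PowerShell 3 or later prompt on a workstation, that reports whether one of Microsoft's March 2017 MS17-010 updates is listed, whether the SMBv1 server that EternalBlue attacks is enabled, and how Delivery Optimization is configured. With the -Remediate switch it disables SMBv1 and restricts Delivery Optimization to local-network peers. The KB list and the DODownloadMode value of 1 are assumptions taken from Microsoft's documentation rather than from the article, and because later monthly rollups are cumulative and supersede the March 2017 KBs, a missing KB is a prompt to check the rollup level, not proof of exposure.

```powershell
<#
Added example, not code from the original article or from Armis/Microsoft.
Audits one Windows workstation for the three things the article calls out:
the MS17-010 patch, the SMBv1 service that EternalBlue attacks, and the
Delivery Optimization setting that shares updates over the network.
Run from an elevated prompt; -Remediate disables SMBv1 and sets Delivery
Optimization to LAN-only. Assumed values (not from the article): the KB list
below (Microsoft's March 2017 MS17-010 updates) and DODownloadMode = 1.
#>
[CmdletBinding()]
param([switch]$Remediate)

$Ms17010Kbs = @('KB4012598','KB4012212','KB4012215','KB4012213','KB4012216',
                'KB4012214','KB4012217','KB4012606','KB4013198','KB4013429')
$DoPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$LanmanKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Ms17010 {
    # Later monthly rollups are cumulative and supersede the March 2017 KBs,
    # so "not listed" means "check the rollup level", not "exposed".
    $hotfixes = Get-HotFix
    $hit = $hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    $latest = $hotfixes | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        Ms17010KbInstalled = [bool]$hit
        MatchingKbs        = @($hit | ForEach-Object HotFixID)
        NewestUpdate       = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToShortDateString()))" } else { 'none recorded' }
    }
}

function Get-Smb1State {
    # Windows 8/Server 2012 and later expose the SMB server settings as cmdlets;
    # Windows 7/Server 2008 R2 only have the registry value Microsoft documents.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $v = (Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)   # an absent value means SMBv1 is on
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0 -Force
    }
    Write-Host 'SMBv1 server disabled; a reboot is needed on Windows 7 for it to take effect.'
}

function Get-DeliveryOptimizationMode {
    # DODownloadMode: 0 = HTTP only, 1 = LAN peers only, 2 = group,
    # 3 = LAN and Internet peers, 99 = simple, 100 = bypass. Absent = edition default.
    $v = (Get-ItemProperty -Path $DoPolicyKey -Name DODownloadMode -ErrorAction SilentlyContinue).DODownloadMode
    if ($null -eq $v) { 'not set (edition default)' } else { $v }
}

function Set-DeliveryOptimizationLanOnly {
    if (-not (Test-Path $DoPolicyKey)) { New-Item -Path $DoPolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $DoPolicyKey -Name DODownloadMode -Type DWord -Value 1 -Force
}

$os = Get-CimInstance Win32_OperatingSystem
Write-Host "OS: $($os.Caption) (version $($os.Version))"
if ($os.Version -like '6.1*') {
    Write-Warning 'Windows 7: support ends 14 January 2020; plan the migration to Windows 10.'
}

$patch = Test-Ms17010
Write-Host "MS17-010 KB listed: $($patch.Ms17010KbInstalled) $($patch.MatchingKbs -join ', ')"
Write-Host "Newest update: $($patch.NewestUpdate)"
if (-not $patch.Ms17010KbInstalled) {
    Write-Warning 'No March 2017 MS17-010 KB listed; confirm a later cumulative rollup is installed.'
}

$smb1 = Get-Smb1State
Write-Host "SMBv1 server enabled: $smb1"
Write-Host "Delivery Optimization DODownloadMode: $(Get-DeliveryOptimizationMode)"

if ($Remediate) {
    if ($smb1) { Disable-Smb1 }
    Set-DeliveryOptimizationLanOnly
    Write-Host 'Delivery Optimization restricted to LAN peers (DODownloadMode = 1).'
} elseif ($smb1) {
    Write-Warning 'SMBv1 is enabled; rerun with -Remediate once you have confirmed nothing on the network still needs it.'
}
```

Run it without -Remediate first on every machine and read the warnings; old multifunction printers and some practice-management servers still speak only SMBv1, so check that nothing depends on it before turning it off across the practice.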
Also, don’t forget your other software such as your EMR or practice management system. These should also be kept current with the latest patches or releases.
Keeping your software current and up to date is a critical component of HIPAA compliance. Not only do you stay on supported versions of the software, which is required under HIPAA guidelines, you keep patient data safe. Adopt a system for your practice that keeps your computers patched and updated. Doing so could save you from an expensive and embarrassing ransomware attack. Suffering an attack through an exploit that was patched more than two years ago is irresponsible to your patients and your practice, and it is easily avoidable with proper patch management.