As many customers, friends, and colleagues in over 150 countries experienced last Friday, the threat of ransomware is real. Aside from the progressively growing ransom costs and associated operating losses, the WannaCry ransomware demonstrated both how critical and vulnerable our data is. Nowhere is this more important than in the clinical care environment.
For those of you who are working to contain a breach or concerned about WannaCry, we encourage you to take the following steps:
- Immediately block inbound SMB traffic (ports 139 and 445) wherever SMB is publicly accessible via the internet
- Patch all Windows systems with the MS17-010 security update
- Disable SMBv1 on Windows systems
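The three steps above can be checked and applied per host with built-in PowerShell cmdlets. The script below is an added example, not HCI's own tooling; it assumes Windows 8 / Server 2012 or later, and the `-Remediate` switch and firewall rule name are hypothetical. It reports the most recent installed update for comparison against the MS17-010 bulletin rather than deciding patch status itself.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally apply) the SMB containment steps on one host.
# Assumes the SmbShare and NetSecurity modules (Windows 8 / Server 2012 or later).
param([switch]$Remediate)   # hypothetical switch: without it the script only reports

$ruleName = 'Block inbound SMB (Public profile)'   # constructed rule name

# Disable-SMBv1 step: current state of the SMBv1 server protocol.
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# Block-inbound step: is our block rule for TCP 139/445 present and enabled?
$rule    = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
$blocked = [bool]($rule | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' })

# Patch step: newest installed update, to compare by hand with the MS17-010 bulletin.
$lastPatch = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    SMBv1Enabled      = $smb1Enabled
    InboundSmbBlocked = $blocked
    LastHotFixId      = $lastPatch.HotFixID
    LastHotFixDate    = $lastPatch.InstalledOn
}

if ($Remediate) {
    if ($smb1Enabled) {
        # Turns off SMBv1 on the server side; clients that only speak SMBv1 will lose access.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if (-not $blocked) {
        # Scoped to the Public profile so internal file sharing on Domain/Private
        # networks is untouched; perimeter firewalls still need their own rule.
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 139,445 -Profile Public -Action Block | Out-Null
    }
}
```

Run it without `-Remediate` first to collect a baseline across hosts, then re-run with the switch once the impact on legacy SMBv1 clients is understood.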
Though the threat of the WannaCry ransomware has been reduced and its progression slowed, the risk of similar attacks now looms large. We are currently aware of more than 225 types of ransomware attacks; however, exploits like EternalBlue are sufficiently common to guarantee this will not be the last such attack. With clinician capability and patient lives on the line, it’s critical, now more than ever, that we take a proactive approach to reducing future risk.
If you have not already, we strongly encourage you to undertake the following:
- Ensure a multi-location, hybrid media data backup program is in place and active
- Ensure downtime policies are established, updated, tested, and distributed throughout your organization
- Perform security assessments and audits to identify your information security posture and associated risks
- Review the current operating environment (hardware and software) to ensure it is patched and updated
- Develop a consistent approach or deploy a patch management solution to maintain and update your operating environment
- Evaluate current threat monitoring capability to ensure both novel and established threats can be quickly and decisively identified
- Evaluate incident response policies, procedures, and capabilities to reduce the latency between identification of threat and response
- Evaluate automated, real-time dynamic threat response capabilities to reduce the risk from zero-day attacks, trojans, rootkits, and phishing
- Ensure communication between critical assets is secured to protect against Man-In-The-Middle (MITM) and DDoS attacks
We can be certain this is not the last attack we will see, ransomware or otherwise; however, by looking at WannaCry as an opportunity to critically evaluate and increase the security of the care environment, we can significantly reduce the risk and impact of subsequent attacks. In so doing, we can reduce the risk to ourselves, our clinicians, and, most critically, our patients.
If you’d like to discuss your security concerns, security strategy, or learn more about reducing risk in your environment, please contact HCI here.