Features Navigation

Get Live Chat Request a Callback Get live demo

← Back

Fighting Ransomware: A Success Story

Patient Experience

When the HHS Office for Civil Rights released the HIPAA guidance on ransomware in the summer of 2016, collectively the health care community sat up and took notice. The guidance (found here) outlines various activities required by HIPAA that assist organizations in the prevention and detection of threats. One of the key activities listed in the guidance is completing an annual Security Risk Analysis.

As an Auditor at HIPAA One®, my goal is to dot every “i” and cross every “t” to ensure a comprehensive HIPAA Security Risk Analysis. By utilizing the HIPAA One® Security Risk Analysis (SRA) tool, I am able to guarantee compliance, automate risk calculations and identify high-risk technical, administrative, physical and organizational vulnerabilities.

Recently, I was on-site with one of our clients, which I will call “Care Health” to preserve their confidentiality, working on organization-wide identity protection. Care Health utilizes our SRA to safeguard their critical data and provide security and protection from Ransomware, malware and the proverbial “sophisticated malware attacks”.

While at the Care Health office, two staff members in the Billing department were utilizing shared files in a network-mapped drive (e.g. N: drive). One of the staff members noticed new files were being spontaneously created and the file icons in the network folder were changing. By watching the changing file names, the staff member noticed one showed up as ransom.txt.

Acting quickly, she contacted the IT Helpdesk for assistance. The Helpdesk had been trained to triage all security-related service-desk requests immediately to the HIPAA Security Officer (HSO). Upon being notified of the issue, the HSO logged-into the N: shared drive and found their files were slowly being encrypted!

How do you stop a Ransomware attack?

Promptly, the HSO ran Bitdefender full-scans on the Billing department computers and found nothing. He then installed and ran Microsoft’s built-in Windows Defender, which has the most current malicious software removal utilities on Server 2012 and found Tescrypt. Installing Windows Defender on the two desktops not only detected the encryption, but also removed it.

This specific Ransomware variant had somehow infected the system and was systematically encrypting these files.  Thankfully, the quick-acting team at Care Health recognized the attack and stopped the Tescrypt variant before any patient data was compromised. Following the incident, backups were used to restore the few-dozen encrypted files on the network-drive. Due to appropriate safeguards and training, the Care Health team was ready and a crisis was averted.

Upon a configuration review of Care Health’s security appliances, WebSense was configured to allow “zero-reputation” websites through.  Zero-reputation websites are new sites without a known reputation and are commonly used by hackers to send these types of attacks. At Care Health, the Ransomware apparently came from a valid website with an infected banner ad from a zero-reputation source. The banner ad was configured to trigger a client-browser download prior to the user being allowed to see the valid web page. This forced website visitors to download the executable virus from the banner-ad and unknowingly install the Ransomware on their local computer. Once downloaded, the Ransomware would begin encrypting files in high-lettered network-drives.

Next steps…

Unfortunately, Ransomware is here to stay and the number of attacks are rising. Now more than ever, it is critical that health care organizations have updated policies and procedures in place to prevent these attacks and a comprehensive user training and awareness program. Let the Care Health incident be a reminder that a well-trained employee is an organization’s best defense against Ransomware, Phishing and sophisticated malware attacks.

The HIPAA One® software suite offers an automated approach to implementing and maturing your organization’s HIPAA Security Compliance Program. To learn more, visit us at  http://www.hipaaone.com/contact/



Topic: Patient Experience


Other Resources Related to This Topic


Patient Experience

Intake Forms Demo

Get secure self-service patient intake and reduce manual data entry and paper filing with our...

Patient Experience

Patient Portal Demo

Our patient portal offers convenient patient access to personal health information and records with easy...

Business

10 Must-have Technologies for Boomer Care

The first baby boomer wave has hit the healthcare beach and the second is on...

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“[Our] patients are very well-educated and well-informed, and they want to see results quickly. The practice has to run extremely efficiently and be accessible to them. The nice thing about [AdvancedMD] is it has allowed me to be more efficient both in and out of the office. Now I don’t have to come back into the office, which is great for my family and everything else. It saves me a lot of time – probably an hour a day on the three days I work in the second office.”

Keith Berkowitz, MD
Center for Balanced Health

Read the story  ›
Estaban Lavato, MD - La Loma Medical Center

“The best thing I ever did in private practice was getting AdvancedMD—it has liberated me.”

Estaban Lavato, MD
La Loma Medical Center

“Having integrated practice management and EHR is absolutely wonderful, you don’t have to flip back and forth between systems—all of your information is at hand when needed.”

Raju Raval, MD

Read the story  ›