[BreachExchange] Ransomware Wreaks Havoc in 2017

Audrey McNeil audrey at riskbasedsecurity.com
Thu Feb 8 18:49:05 EST 2018


Ransomware dominated the healthcare industry in 2017, with six of the top
ten breaches reported to the U.S. Department of Health and Human Services a
direct result of the malicious software. An article on Security Current
looks at some ransomware attacks from 2017 as well as steps you can take to
help avoid becoming a victim.

What is ransomware?
In a ransomware attack, access to your computer systems or files is
blocked by the attacker using encryption. These important files are kept
locked and held for ransom until the victim pays the requested ransom, at
which time the attacker may or may not give the victim the encryption key
to recover their data. Even if the individual or organization recovers
their data in a ransomware attack, there is no guarantee that the
cybercriminal did not steal their data prior to encrypting it.

Why is the healthcare industry a target for cybercriminals?
It is safe to say that the healthcare industry has become a prime target
for cybercriminals, but why? One reason may be that organizations holding
health data tend to lack a mature security posture compared to other
industries, such as finance. Another reason cybercriminals target the
healthcare industry is simply due to the value of medical records, which
are often more valuable than transient data such as credit card numbers.

In addition, medical facilities rely on access to their patient data around
the clock as part of their everyday workflow. When access to critical data
is unavailable, patient lives can be at stake, so restoring data in a
medical facility is vital following an attack.

Ransomware in 2017
Airway Oxygen, Inc. knows firsthand the trouble that ransomware can cause.
In 2017, the organization fell victim to a ransomware attack that affected
500,000 individuals when their technical infrastructure was compromised by
unidentified cybercriminals. Purity Cylinder and Airway Oxygen, two
affiliated companies, were denied access to their data as a result of the
attack. PHI involved in the breach includes payment information for their
customers, names, addresses, phone numbers, dates of birth, diagnoses,
health insurance information and the type of service the individual was

Another notable ransomware attack in 2017 occurred on Urology Austin,
affecting 279,663 individuals. In this attack, data stored on the
organization’s servers was encrypted, with the investigation indicating
compromised PHI may have included names, addresses, dates of birth, social
security numbers and medical information.

How can you minimize the likelihood and impact of a malware/ransomware

- Keep anti-virus and anti-malware installed and up to date across systems
- Keep systems patched and current
- Back up your data off your network as frequently as possible and
periodically test your backup process to ensure you can recover all data
using backups
- Utilize Group Policy Objects (GPO) restrictions
- Restrict administrative rights across all systems
- Utilize a Secure Internet Gateway on and off the network
- Block users from installing anything on their own
- Utilize a Data Loss Prevention solution and actively monitor it
- Utilize Endpoint Protection and actively monitor it
- Invest in your Information Security program
- Establish routine security awareness training and campaigns

With ransomware growing rapidly, it is important to take the proper steps
to ensure your organization does not fall victim and become another