Despite being a year and a half old, WannaCry remains the leading ransomware attack seen in the wild, according to a new report.
For ASCs struggling to manage their information technology (IT) while maintaining cyber security and compliance, partnering with a managed services provider (MSP) might provide needed relief.
A Chinese actor was spotted in the wild attacking Adobe ColdFusion servers. The group appears to have reverse-engineered an Adobe security patch to quietly upload a variant of the China Chopper backdoor on unpatched servers and take over the entire system.
Description: Microsoft released its monthly security update, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 53 vulnerabilities, 11 of which are rated "critical," 40 rated "important," and one each rated "moderate" and "low." The advisories cover bugs in the Chakra scripting engine, Microsoft Outlook and DirectX. This update also includes three advisories. One covers vulnerabilities in Adobe Flash Player, and another covers important bugs in the Microsoft Surface tablet. Additionally, there is guidance for how users should configure BitLocker in order to properly enforce software encryption.
According to a statement issued by Albany, N.Y.-based St. Peter’s Surgery & Endoscopy Center on Jan. 8, 2018, an unauthorized third party possibly gained access to approximately 135,000 patient records at their facility.
The key words here are “unauthorized” and “possibly,” meaning that St. Peter’s knows by the presence of malware on their server that someone with access may have knowingly or unknowingly allowed malware to be loaded through vectors of infection including web, email and/or a USB drive. The vector of infection also could have been a network worm, or remote access if it was not secure. It is disquieting because there has been no traceable activity with regard to the patients’ electronic files: it can’t be proved one way or another.
As frightening as this potential breach of patients’ records is to St. Peter’s and its patients, it does provide an opportunity to bring up some preventative strategies to improve the health of your IT network.
As a managed IT services provider specializing in HIPAA security, and a member of both the New York State Association of Ambulatory and Surgery Centers (NYSAASC) and the national Ambulatory and Surgery Center Association (ASCA), SkyPort IT regularly educates our clients about the cybersecurity services and tools that should be used to help prevent and/or document breaches, and about basic procedures that allow you to build an electronic paper trail of every activity involving electronic protected health information (PHI) in your IT environment.
Who Has Your Back?
Because SkyPort IT specializes in HIPAA compliance for healthcare IT, policies and procedures for electronic records and information systems, we advocate for security on every layer and level of your information network.
In the case of St. Peter’s recent malware discovery, our breach management system would identify exactly what had happened, and there would be no ambiguity about where the files were or who had them, because we track every file being accessed in the network. We set up alerts so that if a file is accessed we can quickly track specifically who in the organization touched it and the path they took. The system can also block file operations to prevent critical data from leaving the environment.
More importantly, our healthcare cybersecurity services extend to preventing malware from making its way to your server in the first place. Just as important as the software tools and services we use to keep organizations like yours safe are the HIPAA compliance policies and procedures we put in place for data protection.
Physical security for your server is especially important. All servers should be physically and remotely secure with limited access. If you have an IT person on staff, which many small to medium-sized businesses do not, you must have a policy and procedure in place to limit access to the organization’s server.
Patient records are a gold mine.
There are a number of ways a worm or malware can infect or enter your IT network. While it is important for all employees to be educated about general good practices regarding their use of the internet and your internal network, it is critical that the employees most active on the network, such as your IT staff, are vigilant.
The server is not a personal workstation and should only be used for appropriate work such as maintenance. Your IT staff, IT provider, or anyone with administrative access rights to the server should never engage in these activities, which are all vectors for intrusion:
Browsing the web
Looking at emails
Opening files off a thumb drive
Plugging in a cell phone
Recognizing that the server at a healthcare or medical organization holds information that is a gold mine for hackers is the first step in protecting your patients’ data, your business, and your reputation. Advice and useful materials for cloud computing security and healthcare IT can be found here: https://www.skyport-it.com/useful-materials-just-for-you.
There are continuing robocalls being made warning that your Windows licensing has expired and all your Windows services will be stopped. It is a scam...
Think before you click.
Was I expecting a document to sign?
Does it look off for some reason?
Under the hood: if you go to File, then Properties, in Outlook, you will find that the real source of the email has nothing to do with DocuSign users or their mail servers.
If you are in doubt, throw it out!
Here is a new pain in the neck! Fix this one ASAP.
While the world is still dealing with the threat of 'unpatched' Microsoft Office's built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers.
On October 16, 2017, the U.S. Department of Homeland Security announced the news of the KRACK (‘key reinstallation attack’) flaw in the protocol that was designed to secure all modern protected Wi-Fi networks.
SkyPort IT Nominates National Alliance on Mental Illness (NAMI) for M&T Business Challenge
Scam of the Week: Equifax Phishing
You already know that a whopping 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes confidential information like social security numbers, full names, addresses, birth dates, and even driver’s licenses and credit card numbers for some.
WASHINGTON, August 28, 2017 — The Internal Revenue Service warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.
In today’s hyper-connected world, email-based communications are not just commonplace – they have become a fundamental cornerstone for effectively conducting business, with the total volume of worldwide emails sent per day projected to increase by at least 5% every year. Given the ubiquitous nature of email communications, emails are and will continue to be a popular vector for a variety of threats.
NotPetya is a destructive disk wiper similar to Shamoon, which has been targeting Saudi Arabia in the recent past.
Scam of the Week: Massive DocuSign Phishing Attacks
DocuSign has admitted they were the victim of a data breach that has led to massive phishing attacks which used exfiltrated DocuSign information. Ouch. So here is your Scam of the Week.
They discovered the data breach when, on May 9, 15, and 17, DocuSign customers were being targeted with phishing campaigns. They now are advising customers to filter or delete any emails with specific subject lines. We do not repeat them here, because this newsletter might be filtered out, but you can see them at the blog, together with screenshots:
The campaigns all have Word docs as attachments and use social engineering to trick users into activating Word's macro feature, which will download and install malware on the user's workstation. DocuSign warned that it is highly likely there will be more campaigns in the future.
I suggest you send the following to your employees. You're welcome to copy, paste, and/or edit:
"Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and clicking to enable editing.
But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click."
Latest WannaCry Ransomware Information
If you’ve not been keeping up with the WannaCry ransomware, it’s probably worth an hour to view it. The insight on how people were tracking it down and reacting to it could be useful.
I’d give it a 4/5 on topic/interest/content depending on how much you’ve already learned about WannaCry.
[URGENT ALERT] Defend Against This Ransomware WMD NOW
This is not a drill, or a phishing test.
As-yet unknown cyber criminals have taken an NSA 0-day threat and weaponized a ransomware strain so that it replicates like a worm and takes over the whole network.
This is the biggest ransomware outbreak in history. There is an MS patch that needs to be applied urgently if you have not done that already.
I suggest you immediately look into this and patch your systems before your users come back to work on Monday. Here is a blog post with all the updated detail:
Yes, if you hover, this link is redirected, but you can cut and paste the link to our blog if you are paranoid (which you should be!).
This is a bad one. Let's stay safe out there.
New York is the first state to enforce cybersecurity-specific regulations on financial companies. The regulation makes it clear that cybersecurity is not solely a technology or information security team matter. It comprises an enterprise-level approach to managing cyber risk by expressly imposing responsibility for the cybersecurity program on senior management and requiring not only technical controls, but operational controls, policies and procedures, training programs and reporting to senior management and the board.
Many pieces of this regulation are expected to be adopted by the end of this summer.
Here is a great article on this topic.
Also check with your associations to see if they have developed templates for your industry for policies and procedures.
As part of our managed services, we help in the development of proper policies and procedures. This is the first step in compliance. However, few organizations have proper ones in place. Our years of experience in HIPAA and PCI-DSS make this a no-brainer. Operating without them is like running a business without a business plan: bad things can happen.
P.S. – You may find (and request) useful information here on our site: https://www.skyport-it.com/useful-materials-just-for-you