HIPAA Risk Analysis Tip – #WannaStopCrying

Unless you’ve just returned from a 10-day interplanetary space mission, you’ve heard about the weaponization of ransomware into a Weapon of Mass Effect (WME) starting last Friday, May 12th. Organizations worldwide are in chaos trying to protect their systems while remaining operational. It seems that a group called the Shadow Brokers stole and released a suite of Equation Group attack tools purportedly designed by an in-house hacking team for NSA.  In these tools was a malware called DoublePulsar designed to exploit older versions of Windows. The Shadow Brokers are believed to be tied to the North Korean government.

While Microsoft prioritized the development of patches for vulnerabilities targeted by DoublePulsar (perhaps having been tipped off by NSA), many organizations apparently did not install them leaving machines still running Windows XP, Windows Vista, or Windows Server 2003 susceptible to an attack.  Now those organizations are scrambling to find and implement those patches.

What follows are short game and long game prescriptions.  Yes, we need to ultimately establish, implement and mature an information risk management program.  AND, yes, we must deal with the day-to-day discovery of new threats and vulnerabilities.

Short Game Plan for #WannaStopCrying:

  1. Don’t Block the Domain: By registering the malware’s unregistered domain name, a British security researcher unknowingly led all new infections of the ransomware to kill themselves. So at this point, Britain’s National Cyber Security Center (NCSC) recommends not to block that domain as it is to be used to resolve at the point of compromise.
  2. Patch Systems – Install MS17-010 issued by Microsoft in March; install Microsoft’s “one-off security fixes for operating systems no longer supported: Windows XP, Windows Server 2003 and Windows8 and/or other guidance issued by Microsoft.
  3. Until the security patch is applied, disable the Server Message Block v1 (SMB) on all computers.
  4. Upgrade all computers to Windows 10 along with the Windows Defender Antivirus which can detect this malware.
  5. Maintain daily or more frequent offline / offiste backups of critical data, including application, databases, mail systems and users files. Test backups regularly for data restoration.
  6. Keep informed by accessing:
    1. NIST Computer Security Resource Center – encouraging the sharing of information security tools and practices
    2. FBI Cyber Security Terrorism – addressing evolving threats
  7. Ensure antivirus signatures are up to date as vendors are working to deliver updated signatures to detect/prevent a reoccurence.
  8. Retrain employees and other workforce members on social engineering, phishing and spoofing methods and ramifications. Test the results frequently.
  9. Check on this process with your Business Associates. Require attestations of the steps they have undertaken to protect your information.

But then what? what’s next #WannaSpy? #WannaDie? #WannaLie?  How and when will you be ready?

Newsletter

Sign up for our monthly newsletter discussing hot topics and access to invaluable resources.


Related Blogs

Navigating the HIPAA Privacy Rule for Reproductive Healthcare: Compliance Essentials Before the December 2024 Deadline

Navigating the HIPAA Privacy Rule for Reproductive Healthcare: Compliance Essentials Before the December 2024 Deadline

In an era where the privacy of reproductive healthcare has become a topic for debate, healthcare organizations face growing fears and challenges over the potential misuse of sensitive patient data. Recent legal developments, coupled with the shifts following the Dobbs v. Jackson decision, have shown the urgent need for robust safeguards. Notably, the December 23, 2024 compliance deadline for the HIPAA Privacy Rule Final Rule to Support Reproductive Health Care Privacy offers a pivotal moment to address these concerns.
The Health Care Cybersecurity and Resiliency Act of 2024: Key Takeaways and Implications

The Health Care Cybersecurity and Resiliency Act of 2024: Key Takeaways and Implications

The Cybersecurity and Resiliency Act (HCCRA) of 2024 is yet another proposed bill aimed at strengthening the healthcare sector’s cybersecurity posture and resilience. It focuses on improving coordination between government organizations, updating cybersecurity standards, increasing breach reporting requirements, and providing grants to rural healthcare organizations that lack both financial and human resources needed to address growing cybersecurity vulnerabilities and increasing threats.

Connect
With Us