WannaCry Will Make a CIO Cry

Posted on July 3, 2017 | Written By

David Chou is the Vice President / Chief Information & Digital Officer for Children’s Mercy Kansas City. Children’s Mercy is the only free-standing children's hospital between St. Louis and Denver and provides comprehensive care for patients from birth to 21. They are consistently ranked among the leading children's hospitals in the nation and were the first hospital in Missouri or Kansas to earn the prestigious Magnet designation for excellence in patient care from the American Nurses Credentialing Center. Prior to Children’s Mercy, David held the CIO position at University of Mississippi Medical Center, the state’s only academic health science center. David also served as senior director of IT operations at Cleveland Clinic Abu Dhabi and CIO at AHMC Healthcare in California. His work has been recognized by several publications, and he has been interviewed by a number of media outlets. David is also one of the most mentioned CIOs on social media, and is an active member of both CHIME and HIMSS. Subscribe to David's latest CXO Scene posts here and follow him on Twitter and Facebook.

If you like CXO Scene, you can subscribe to future Health Care CXO Scene posts here or read through the CXO Scene archive. Also, join us for the live recording of our first-ever CXO Scene podcast on Thursday, 7/6/17 at 1 PM ET (10 AM PT), where we’ll be talking Petya, MACRA, and Organizational Blindness.

As continuous research is done to create better defenses against malicious computer attacks, cybercriminals have also come up with more ways to get cash into their pockets as quickly as possible. In the past years, a new breed of computer virus has started infecting computers and mobile devices. These viruses are unlike previous malware in that they lock down the computer, including the precious files on it, and unlock it only when the user has paid the demanded amount. WannaCry, Cryptolocker, Cryptowall, and TeslaCrypt are the new computer viruses that belong to a family of infections known as ransomware.

Cryptolocker is the earliest version of ransomware that started infecting computers in 2013. It easily infects computers through phishing links usually found in email attachments and through computer downloads. Once a computer has been infected with ransomware, all the computer files are held ‘hostage’ by the cybercriminals. In some cases, ads for pornographic websites appear on the screen each time a user clicks. These cybercriminals demand payment in order to unlock the files and restore the computer to its previous state. As added pressure, these criminals threaten to delete all files if certain demands are not met within a specified period (usually within 24 hours). The desperate user usually doesn’t have any choice but to give in.

Ransomware Threat in Hospitals

Threats from ransomware have been widespread, and they have affected hospital computers. A Reuters report stated that a study from Health Information Trust Alliance on 30 mid-sized U.S. hospitals revealed that over half of these establishments (52%) were infected with the malicious software. Recently we have started to see countries get shut down due to these attacks, while a global voice dictation vendor was shut down, which interfered with doctors’ ability to voice dictate their notes.

How Companies Can Prevent Ransomware Attacks

Ransomware attacks are serious threats in healthcare. When computers in hospitals stop functioning, information access and flow are delayed, which may compromise the safety of patients. During a ransomware attack, caregivers have no access to patients’ data, which can be crucial for those who are unconscious. An attack can also result in delayed or undelivered lab requests and prescriptions. And since some medical devices rely on computers to operate, they can be inoperable throughout the period the computer is held ‘hostage.’

With more medical facilities relying heavily on technology for their operations, it’s crucial to keep the computers malware-free. The following are some tips on how you can prevent these ransomware attacks:

  • Back up your data
    One of the best things companies can do to protect themselves from ransomware is to do backups regularly. Regularly backing up your files can give you peace of mind even if a malicious attack happens. Since ransomware can also encrypt files on mapped drives, it’s important to have a backup regimen on external drives or backup services that are not assigned a drive letter. The one key element that is often missing from the backup process is testing the backup to make sure that it is working. Do not miss the testing step.
  • Make file extensions visible
    In many cases, ransomware arrives as a file with a .PDF.EXE extension. By adjusting the settings to make file extensions visible, you can easily spot these suspicious files. It also helps to filter email files with the .EXE extension. Instead of exchanging executable files, you may opt for zip files.
  • Take advantage of a ransomware prevention kit
    The rise of ransomware and its threats has paved the way for cybersecurity companies to come up with ransomware prevention kits. These kits protect the computer by blocking files from running out of the App Data and Local App Data folders, as well as executable files run from the Temp directory.
  • Disable RDP
    RDP, or Remote Desktop Protocol, is a Windows utility that enables others to access your desktop remotely. If there is no practical use for RDP in your daily operations, then it’s best to disable it, as it’s often used by ransomware to access targeted machines.
  • Update your software regularly
    Running outdated software makes your computer more vulnerable to ransomware attacks. So, make sure to regularly update your software.
  • Install reliable anti-malware software and a firewall
    This is applicable to malware in general. Having both anti-malware software and a firewall creates double-wall protection against these malicious attacks. If something gets past the software, the firewall serves as the second level of protection from the malware.
  • When a ransomware attack is suspected, disconnect immediately from the network
    While this isn’t a foolproof solution, disconnecting immediately from the network or from the WiFi as soon as a ransomware file is suspected can reduce the damage caused by the malware. It may take some time to recover some files, but doing this can sometimes cut back the damage.
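
The two file-based tips above (spotting .PDF.EXE names and blocking executables that run from the App Data and Temp folders) can be checked automatically. The sketch below is an added example, not part of the original post or of any vendor's prevention kit; the extension lists, function names, and sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Illustrative, non-exhaustive lists (assumptions of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def triage(path):
    """Return the reasons a Windows path looks suspicious (empty list if none)."""
    p = PureWindowsPath(path)
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = p.name.rstrip(". ").lower()
    # Strip each piece so space padding between extensions cannot hide one.
    pieces = [piece.strip() for piece in name.split(".")]
    ext = "." + pieces[-1] if len(pieces) > 1 else ""
    if ext not in EXECUTABLE_EXTS:
        return []
    findings = []
    # "Make file extensions visible": a document extension before an executable one.
    if len(pieces) > 2 and "." + pieces[-2] in DECOY_EXTS:
        findings.append("double-extension")
    # "Prevention kit": executables located under AppData or a Temp directory.
    dirs = [d.lower() for d in p.parent.parts]
    if "appdata" in dirs:
        findings.append("exec-from-appdata")
    if "temp" in dirs:
        findings.append("exec-from-temp")
    return findings


def scan(paths):
    """Map each flagged path to its findings; clean paths are omitted."""
    results = {}
    for path in paths:
        findings = triage(path)
        if findings:
            results[path] = findings
    return results


# Constructed sample input: attachment names and file paths, not real data.
SAMPLES = [
    r"C:\Users\jdoe\Downloads\Invoice.PDF.EXE",
    r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
    r"C:\Program Files\Vendor\viewer.exe",
    r"C:\Users\jdoe\Documents\report.v2.pdf",
    "scan.pdf   .scr",
]

if __name__ == "__main__":
    for path, findings in scan(SAMPLES).items():
        print(f"{path}: {', '.join(findings)}")
```

The same checks can be applied to attachment names at a mail gateway or to process paths taken from endpoint logs.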

Ransomware poses a serious threat not just to the security of hospital files but also to patients’ safety. Hence, companies, especially healthcare facilities, must not take this malware issue lightly. Your biggest security risk exposure is internal, so make educating your internal workforce a priority as well.
