
Healthcare’s 2018 threat is crypto mining

Crypto mining attacks are stealthier than WannaCry.

Cybercriminals continue to drive crypto mining attacks on hospital computers. Some crypto mining attacks will require hospitals to report a breach of PHI. If the crypto miner installed is the popular WannaMine, this is considered a reportable ransomware attack.

Last year, ransomware took the American healthcare industry by storm. Botnets and crypto mining have experienced continued growth since 2016. The WannaCry attack on the British health system and NotPetya simply pushed them off the front pages. They did not disappear. Make no mistake, crypto mining is the new attack vector in 2018 after strong growth over the previous two years.

Tennessee hospital EMR server hit with crypto mining

On January 26th, 2018, Decatur County General Hospital in Parsons, Tennessee announced (PDF) that over 20,000 PHI records were compromised by crypto mining software discovered on the hospital’s main electronic medical records server.

This type of attack is growing dramatically across hospitals, clinics, and health systems. With the emergence of WannaMine, healthcare facilities must apply the July 12th HHS-issued Factsheet: Ransomware and HIPAA (PDF link).

Read more about it:

February 20th – Wired
HACK BRIEF: HACKERS ENLISTED TESLA’S PUBLIC CLOUD TO MINE CRYPTOCURRENCY
February 8th – Microsoft Windows Defender Security Intelligence
Trojan:POWERSHELL/WANNAMINE.A
February 2nd – 2SpyWare
WannaMine virus is used for mining Monero cryptocurrency
February 1st – Security Affairs
WannaMine, the sophisticated crypto miner that spreads via NSA EternalBlue exploit
February 1st – Panda Security
WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools
January 31 – Sophos Naked Security
What are “WannaMine” attacks, and how do I avoid them?
January 31st – The Inquirer
NSA exploit EternalBlue is back and powering WannaMine cryptojacking malware
January 31st – Fossbytes
WannaMine: Another Cryptojacking Malware Fueled By Leaked NSA Exploit Is Rising

Crypto mining is proving to be a very difficult attack to detect. Tesla even confirmed that its servers were also compromised for crypto mining.

There are growing concerns that the strong growth in crypto mining for legitimate commercial use will only add more confusion around mitigating crypto mining across hospitals and clinics.