Tag: cybersecurity

Categories
Education

Nuance: Second medical records breach

Nuance UPDATE: 2017 Ransomware attacks on Healthcare The impact of last year’s global cyber attacks linger into May 2018. NotPetya wiped Nuance’s hosted services. In late December, they announced a security event. Now we understand it was their second breach.

Nuance Communications deploys very popular medical transcription services. Their US market share at hospitals, clinics and health systems is roughly 70%.

Nuance

However last June the NotPetya global cyber attack erased Nuance’s eScription medical transcription service.

Nuance lost ALL customer data due to NotPetya’s data destruction. Nuance could not restore backups of client data.

As a result hospitals and clinics lost more than 45 days of medical transcriptions which ultimately, led to delays in medical billing. Yet in almost thirty days Nuance was able to rebuild eScription, sans client transcriptions.

Then in December 2017 without any notice to healthcare organizations, Nuance shut down their Apex medical transcription service due to a “security” event.

Continue reading “Nuance: Second medical records breach”

Categories
Cyberinfrastructure Education Network Ransomware Technology

Healthcare’s 2018 threat is crypto mining

Crypto mining attacks are more stealth than WannaCry.

Cybercriminals continue to drive crypto mining attacks on hospital computers. Some crypto mining attacks will require hospitals report a breach of PHI. If the crypto installed is the popular WannaMine, this is considered a reportable ransomware attack.crypto mining
Last year ransomware took the American healthcare industry by storm. Botnets and crypto mining experienced continued growth since 2016. The WannaCry attack on the British health system and NotPetya simply pushed them off the front pages. They did not disappear. Make no mistake, crypto mining is the new attack vector in 2018 after strong growth over the previous two years.

Tennessee hospital EMR server hit with crypto mining

On January 26th, 2018 Decatur County General Hospital in Parsons, Tennessee announced (PDF) that over 20,000 PHI records were compromised by crypto mining software discovered on the hospital’s main electronic medical records server.

Continue reading “Healthcare’s 2018 threat is crypto mining”
Categories
Cyberinfrastructure Education Ransomware Technology

Ransomware Vendor Solutions

There are a number of emerging vendor solutions to address ransomware threats as 2018 begins.

ransomware, botnets and crypto miningThe continuing ransomware threats in 2018 may shift from global attacks to botnets and cryptocurrency attacks. The financial attacks like WannaCry and NotPetya will also continue when cybercriminals can exploit known vulnerabilities on a global scale. The lessons learned from 2017 have reached a critical point for healthcare to ensure hospital attacks on IT infrastructure and medical devices are now protected. Vendors are responding with innovative solutions that may stop a ransomware encryption attack. We look forward to partnering with vendors who can provide this new level of cyber defense.

Vendor White Papers:

Cisco
Ransomware Defense Validated Design Guide (PDF)
US Department of Justice
How to Protect Your Networks from Ransomware
ECRI
2018 Top 10 Tech hazards: Ransomware
ComputerWeekly
WannaCry a signal moment, says NCA
Which?
Ransomware: what it is and how to stop it
Continue reading “Ransomware Vendor Solutions”
Categories
Cyberinfrastructure Education Milwaukee Network Ransomware Technology

Ivanti Interchange Podcast

I was humbled to be considered a guest on Ivanti’s Interchange Podcast addressing ransomware in healthcare.

it interchange podcastI added their new series to my collection of InfoSec podcasts as soon as our Hospital server team acquired Ivanti’s Patch for Windows service back in June. In this timeframe, I suggested to our Hospital’s IT patch subcommittee to consider adding Ivanti’s Patch Tuesday Webinar series into our meeting schedule.

Ivanti launched their monthly webinar in April 2017 and provide a solid overview to Microsoft’s Patch Tuesday releases. This also includes key third-party updates from Adobe, Google, and Mozilla.

After registering for October’s webinar, by chance an out-of-the-blue a marketing specialist from Ivanti called. When I confirmed our participation in the coming Patch webinar, they suggested considering their new IT Interchange Podcast. I believe they were pleasantly surprised that I was able to recite all their podcast topics.

Continue reading “Ivanti Interchange Podcast”
Categories
Cyberinfrastructure Education Milwaukee Network Ransomware Technology

Ivanti Patch for Windows

The 2017 Ransomware attacks on healthcare or: How I Learned to Stop Worrying and Love Ivanti.

Ivanti’s Patch for Windows helps hospitals, clinics, and health systems mitigate ransomware attacks with agile change management, security controls and third-party patching for healthcare in the age of ransomware.
patch for windows
How did hospitals and clinics come to rely upon Ivanti? In 2017 the healthcare industry was confronted for the first time by a multi-headed monster in ransomware attacks. WannaCry, NotPetya and multiple ransomware strains have forever changed the data security landscape for hospitals, clinics and health systems.

Continue reading “Ivanti Patch for Windows”