Houston Medical Times


Serving Harris, Galveston, Brazoria and Fort Bend Counties


August Issue 2017


Protecting Your Organization from Ransomware Attacks

By Jan Hertzberg, CIPP, CISA


Ransomware is a form of malware that targets your critical data and systems for the purpose of extortion. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016, according to the U.S. Department of Justice (DOJ). That’s a 300 percent increase over the approximately 1,000 attacks per day seen in 2015.

The U.S. Computer Emergency Readiness Team stated the latest version of a ransomware variant, known as WannaCry, WCry or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and rapidly spread to more than 99 countries—including the U.S., U.K., Spain, Russia, Taiwan, France and Japan—over a period of several hours.

Ransomware often is delivered through spear phishing emails targeting a specific organization or individual. After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving payment, the cyber actor provides further instructions as to how the victim can regain access to the system or data.

Health care environments are primary targets for identity theft and ransomware events. This is due to the treasure trove of data available, including personally identifiable information and electronic protected health information. These data sources often are in great demand by cybercriminals and fetch strong prices on the underground market. From the ransomware perspective, rendering health care systems useless until a ransom is paid raises patient care concerns and often incentivizes payment of the ransom.

Compounding the lucrative nature of health care targets, health care entities often are highly complex and dynamic in structure. Such an organization becomes difficult to protect in terms of risk management, information governance and internal controls. This environment creates an ideal situation where cyberthreat actors can operate.

The DOJ recommends taking steps now to help prevent the worst effects of a ransomware attack, including:

∙∙ Implement a strong cybersecurity awareness and training program.
∙∙ Put in place effective technical measures to protect computer networks, such as:
   ∙∙ Enable strong spam filters to prevent phishing emails from reaching the end users and implement technologies to prevent email spoofing.
   ∙∙ Scan incoming and outgoing emails to detect threats and filter executable files from reaching end users.
   ∙∙ Configure firewalls to block access to known malicious IP addresses.
   ∙∙ Patch operating systems, software and firmware on devices. Consider using a centralized patch management system.
   ∙∙ Set antivirus and antimalware programs to automatically conduct regular scans.
   ∙∙ Configure access controls—including file, directory and network share permissions—with least privilege in mind.
   ∙∙ Implement effective system logging and monitoring tools.
   ∙∙ Regularly back up data and verify the integrity of those backups by testing the restoration process to ensure that it’s working.
   ∙∙ Conduct an annual cybersecurity assessment—with network penetration testing—to identify vulnerabilities.

If systems become infected with ransomware, we recommend these actions:

∙∙ Forensically preserve affected systems
∙∙ Collect relevant logs and activity
∙∙ Maintain chain of custody evidence
∙∙ Reconstruct event timeline
∙∙ Identify threat actor tactics
∙∙ Determine if data exfiltration

see Ransomware Attacks... page 18

Houston Medical Times by Rick Delarosa - Issuu