Infogressive’s Jeff Murphy responds to SC Magazine’s article “Ransomware goes to Hollywood medical centre.”
For Hollywood Presbyterian Medical Center to have paid out over three million dollars in ransom and suffered a week of downtime indicates a less-than-stellar cyber security posture.
Infogressive exists to assist companies like them in creating a network that’s resistant to such attacks.
Using next-generation firewalls, advanced malware protection, proper network segmentation, and logging and reporting, such attacks can be identified early and the potential damage drastically mitigated.
“HPMC appears to have had no dedicated cyber-defence team. As such, the staff has initially turned to the LAPD and the FBI in order to search for the hackers behind the ransomware demands.”
While reaching out to law enforcement is certainly a valid response, law enforcement agencies often lack the resources or the trained personnel to respond effectively to incidents such as this. Their focus must be on gathering evidence and potentially catching the people behind cyber crime rather than helping the hospital recover from the damaging attack.
“The hospital’s network was taken completely offline with the loss of some patient data and access to email. Hospital president and CEO Allen Stefanek also confirmed that the emergency room systems were ‘sporadically impacted’ by the malware.”
Using Infogressive’s advanced malware prevention service, the malicious file could have been quarantined before it executed. Our malware prevention service uses file attributes rather than signatures to identify malware that is often missed by other solutions, and it has a much greater success rate than standard signature-based tools.
A next-generation firewall would have prevented any malware from being able to call back to its command and control element on the internet, stopping the threat there. Additionally, network segmentation through a next-generation firewall could have identified the signature of the malicious software performing encryption and stopped an infected workstation from encrypting files on the servers.
Logging and reporting in the form of a SIEM (Security Information and Event Management) system would have allowed the cyber security team to identify an infected workstation performing suspicious activity and physically remove it from the network before it could widely affect server resources. Additionally, the scope of the infection would have been easy to identify and eradicate with a minimum of operational interference.
“Speaking to SCMagazineUK.com on this story today was Troy Gill, manager of security research at AppRiver. Gill said that although most ransomware is in fact delivered by email, some variants have also been found hosted on websites. These website versions rely on a drive-by download technique in order to infect their victims.”
Sandboxing technology can be used to execute potential malware in a safe environment and analyze its actions in order to protect against ‘zero day’ attacks. This prevents otherwise unknown malicious files from ever entering the network. Files that are brought in via mail attachments, downloads from websites, and file sharing utilities like Dropbox and iDrive can all be put through sandbox inspection.
“In the Hollywood incident specifically, no loss of human life was reported. However, some patients were moved to neighboring facilities.”
It’s only a matter of time until the actions of cyber criminals result in even more serious, even fatal, consequences.
Ransomware is a well-understood attack that is easily preventable with a healthy security posture in place. Don’t be the next victim of cyber crime! We can help your healthcare organization achieve a robust and safe environment, minimizing risk and maximizing system uptime. Let Infogressive help you prevent ransomware.