Healthcare under attack by new strain of ransomware

cyber-criminal-01FireEye Labs has identified massive email campaigns by cyber-criminals during Aug, 2016 containing the Locky ransomware embedded in DOCM attachments.  DOCM is Open XML Macro-Enabled Document file used in Microsoft Word.  Which means the file contains a macro which MS Word will execute when you open the file in MS Word.  Healthcare is the leading industry targeted by the campaign.

The healthcare industry is now the "industry of choice" by cyber-criminals since Protected Health Information (PHI/ePHI) is worth hundreds of dollars per complete record and it's vital to provide care to patients.  Cyber-criminals once chased credit cards because stealing the credit card record was fairly easy and selling the stolen records on the dark web was simple and profitable.  Then they moved on to PHI records because it was worth so much more on the dark web.  But, cyber-criminals have been moving to ransomware because it garners immediate payment from the victims.

There have been a lot of blogs about ransomware hitting large hospitals or healthcare providers.  That's true, but cyber-criminals don't care how big you are, they know all healthcare is a prime target that will pay.  If you're a single doctor's office, a chiropractic, optometric office, therapist, physician or surgeon your practice is a target.  It's important to take action now and protect your PHI.

Ronghwa Chong of Fireeye Labs wraps up his report with "These latest campaigns are a reminder that users must be cautious when it comes to opening attachments in emails or they run the risk of becoming infected and possibly disrupting business operations."  If you're not prepared to recover from ransomware, it can even cause severe cashflow interruption, loss of revenue and potentially impact healthcare services to your patients.  Make sure you have a disaster recovery plan in place and your backups are secure and usable.

Hand Drawn Action Plan on Green Chalkboard. Modern Office Interior. Dark Old Concrete Wall Background. Business Concept with Doodle Style Elements. 3D.

Plan of Action

  1. Admit your healthcare business is a target of cyber-criminals.
  2. Make sure your backups are current, working, secure and a full restore works.  TEST THAT YOU CAN RESTORE FROM BACKUPS.
  3. Understand that you (the owner, the doctor, compliance officer, and/or the office manager may be charged and jailed for HIPAA non-compliance.)
  4. Understand that even with improved cyber-defenses you're likely to experience a breach.
  5. Improve your cyber defenses to prevent a breach.
  6. Create a breach notification plan to guide you in the event of a breach - which is highly likely.
  7. Work to become HIPAA compliant.
    1. Perform a risk assessment (security risk analysis).
    2. Work on the list of corrective actions identified in the risk assessment.
      1. This should include improving the cyber-security of your computers and network and training of staff.
    3. Have the entire staff take HIPAA training that includes cyber-security.
    4. Implement HIPAA policies and procedures for your business.


Take our Free risk assessment to find out what you need to do to protect your PHI and work towards HIPAA compliance.

Protect your patients, protect your pratice, protect yourself.

Read the FireEye Labs report.


Robert Felps
About the Author

Innovative problem solver. Robert Felps takes a holistic view of the situation, understanding the business objectives, then architects a solution that exceeds the expectations for much less than standard industry solutions would cost.

%d bloggers like this: