SamSam Ransomware Continues to Threaten Healthcare Sector

Public facing servers are believed to be the point of entry, not phishing.

Hackers have launched at least eight separate cyberattacks on healthcare and government organizations so far in 2018 using SamSam ransomware, according to the Department of Health and Human Services. 

Although SamSam was originally discovered in 2016, the criminals using it began to ramp up activity in December 2017 and have continued to increase its use in 2018. SamSam was behind the Allscripts attack, for example, as well as attacks on two Indiana-based hospitals, the Erie County Medical Center, the Colorado Department of Transportation, and the City of Atlanta, among others.

This ransomware does not work by tricking users with phishing. The attacker is believed to gain initial access to the target systems through exposed public facing servers (Remote Desktop Protocol/Virtual Network Computing), then move to additional computers once inside the network before deploying the SamSam malware.
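Because the entry point described above is a remote-access service reachable from the internet rather than a phished user, one practical detection is to review successful Windows logons for RDP sessions that originate outside the organisation's own address space. The script below is an added example written for this article; it is not from HHS or from The HIPAA E-Tool®. It parses constructed log records modelled on the fields of Windows Security event 4624 (where logon type 10, RemoteInteractive, is an RDP session) and flags any RDP logon whose source address is not in an assumed list of internal ranges. The log format, the sample addresses and the internal-range list are all assumptions for the example and would be replaced by the site's real event export and network plan.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample records (not real log data) modelled on the fields of
# Windows Security event 4624: EventID, LogonType, TargetUserName, IpAddress.
# Logon type 10 is RemoteInteractive, i.e. a Remote Desktop session.
SAMPLE_LOG = """\
2018-03-21T02:14:07 EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=203.0.113.45
2018-03-21T02:15:11 EventID=4624 LogonType=2 TargetUserName=jsmith IpAddress=-
2018-03-21T02:16:40 EventID=4624 LogonType=10 TargetUserName=admin IpAddress=10.20.30.40
2018-03-21T02:18:02 EventID=4624 LogonType=3 TargetUserName=fileshare$ IpAddress=198.51.100.7
2018-03-21T02:19:55 EventID=4624 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.9
2018-03-21T02:20:03 EventID=4624 LogonType=10 TargetUserName=nurse01 IpAddress=192.168.4.22
"""

# Assumed internal address space: RFC 1918 ranges plus loopback and link-local.
# A real deployment would load the organisation's actual network plan here.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+EventID=(?P<event_id>\d+)\s+LogonType=(?P<logon_type>\d+)"
    r"\s+TargetUserName=(?P<user>\S+)\s+IpAddress=(?P<ip>\S+)$"
)

RDP_LOGON_TYPE = 10


@dataclass(frozen=True)
class RdpLogon:
    timestamp: str
    user: str
    source_ip: str


def is_external_address(ip_text):
    """True when the source address lies outside every assumed internal range.

    Values such as '-' (no network address recorded) or malformed text are
    treated as not external so that local logons are never flagged.
    """
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETWORKS)


def find_external_rdp_logons(log_text):
    """Return successful RDP logons (event 4624, logon type 10) from external sources."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed record layout
        if m["event_id"] != "4624" or int(m["logon_type"]) != RDP_LOGON_TYPE:
            continue  # only successful remote-interactive logons are of interest
        if is_external_address(m["ip"]):
            hits.append(RdpLogon(m["ts"], m["user"], m["ip"]))
    return hits


if __name__ == "__main__":
    for hit in find_external_rdp_logons(SAMPLE_LOG):
        print(f"{hit.timestamp} RDP logon by {hit.user} from external address {hit.source_ip}")
```

Run against the constructed sample, the script reports the two RDP sessions that came from outside the internal ranges (the `svc_backup` and `administrator` logons) and ignores console logons, network logons to a file share, and RDP sessions from internal workstations. The same allow-list approach, rather than relying on a library's notion of "global" addresses, is deliberate: what counts as internal is a property of the organisation's network plan, and a logon from anywhere else to an RDP or VNC service is the event worth investigating.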

Healthcare is particularly vulnerable. “Due to the sector’s reliance on IT systems and the operational importance of patient data and records, the ransomware risk to the [health] sector is expected to continue for the foreseeable future,” HHS officials wrote. “Organizations are encouraged to utilize data backups and develop contingency and business continuity plans that can ensure resilient operations in the event of a ransomware event.” 

“The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification regulations require HIPAA covered entities and their business associates to safeguard protected health information (PHI). The HIPAA Security Rule requires implementation of security measures that can help entities prevent the introduction of ransomware as well as assist entities in how to respond and recover from ransomware attacks. Some of these required security measures include:

· Conducting a risk analysis to identify and assess risks to electronic protected health information (ePHI);

· Implementing security measures to mitigate or remediate identified risks;

· Implementing procedures to guard against and detect malicious software;

· Training users to assist in detecting malicious software and how to report such detections;

· Establishing contingency plans including data backup and recovery; and

· Developing procedures for responding to security incidents such as a ransomware attack.

All of these prevention measures are included in The HIPAA E-Tool®. In particular, the Risk Analysis – Risk Management section provides the guidance needed on contingency plans and data backup. It is impossible to create the backup or the contingency plan after the fact; the only way to stay safe is through prevention and planning. With The HIPAA E-Tool® your Risk Management Plan is easy to do, with step-by-step instructions and a dashboard to guide your progress - see below. All the data is archived so your work next year is easier to complete, and everything is documented and saved, at your fingertips whenever you need it.

The new dashboard in the Risk Analysis - Risk Management section guides staff through the process, allows for stop and start work to completion, and helps management see progress.