WannaCry and now EternalBlue threats prove cybersecurity review is a must
The recent WannaCry virus cyberattack and the discovery of the EternalBlue ransomware variant have left many healthcare organizations re-evaluating security procedures to avoid falling victim to the spread of these attacks and to more cyberattacks in the future. First National Technology Solutions, a managed IT services firm that, among other things, assists clients with cybersecurity matters, is counseling its clients and sharing some of that advice.
“One thing businesses can do to try to avoid becoming the victim of a cyberattack is frequently patching their operating systems,” said Robert LaMagna-Reiter, director of information security at First National Technology Solutions. “Microsoft published the main patch for WannaCry in March. FNTS pushed clients through its patching program sooner than it normally would have, since there were more recent vulnerabilities that were threatening security.”
Healthcare organizations looking to review their security should take the following steps, LaMagna-Reiter advised:
- Make sure all software is kept up to date on a regular basis.
- Frequently patch operating systems as soon as updates are available.
- Educate employees about malicious content and how to identify and avoid it.
- Limit employee access to resources that aren’t necessary for daily workflow.
According to LaMagna-Reiter, user education is extremely important, especially since attacks such as WannaCry spread largely through phishing emails. Giving employees less access to resources that aren’t necessary in their daily workflow also could limit the spread of malware, he said.
“If your business’ information is compromised, do not pay the ransom; instead, we recommend immediately removing the device from the Internet and network to prevent the malware from spreading to other devices,” LaMagna-Reiter said. “Then, contact your information security team. Infected devices will need to be restored from their last-known working backup. After the devices are restored, employees should change their log-in credentials. Before devices are reconnected to the network and Internet, they should be updated or patched as much as possible to prevent the virus from infecting them again.”
Healthcare organizations also should ensure their anti-virus definitions, IPS signatures and other protection features are up to date, he added.
LaMagna-Reiter also offered tips for detecting and avoiding a security incident, including:
- Align security controls with the risk and impact to the organization and prioritize responses and resources.
- Rely on security automation services. Manual investigation should be used to augment existing alerts.
- Join forces with trusted third parties, internal staff, law enforcement and security tools.
- Patch. Keep systems up to date and replace assets that cannot be patched or updated.
- Watch and recognize patterns while monitoring for vulnerabilities and attacks; use behavior analytics and trust instincts.
- As technology changes, so must security strategy. Security should be part of the process, not an add-on.
- Educate staff and regularly reinforce training.