Pat Stricker, RN, MEd
Senior Vice President
TCS Healthcare Technologies
Last week’s unprecedented "Wanna Cry" ransomware attack affected over 200,000 systems in more than 150 countries, including China, France, India, Japan, Russia, Spain, Taiwan, the United Kingdom, and the United States. European counties were hit the hardest: Germany’s railway system; Spain’s telecom, gas, and electrical companies; and the U.K.’s National Health System (NHS) trusts that were forced to shut down emergency services and cancel surgeries. Luckily U.S. companies were largely spared because the threat was mitigated before they could be significantly affected.
While this was the most massive cybersecurity attack yet, we were spared from a larger catastrophe by a 22-year-old U.K. security researcher, who just happened to be checking his threat-sharing platform from home during a week off work, when he noticed several U.K. organizations being hit simultaneously with ransomware attacks. He and a fellow researcher were able to quickly find a way to significantly slow the malware’s progress, thus avoiding a major catastrophic cyber-event.
Also known as "Wanna Crypt" and "Wanna Decrypt," the ransomware encrypts a computer’s documents, music, pictures, and all other files, making them inaccessible to the victim. They are then held hostage until the victim pays a ransom of $300 to unlock the files. If ransom is not paid within three days, the ransom is increased to $600. Organizations that have routine back-ups of their system can eliminate having to pay the ransom and restore their system, but it still results in system downtime and a lot of time and effort to get the system up and running again. Organizations that do not have back-ups of their system have to pay the ransom or risk losing all their data.
Ransomware is usually introduced into a system by a phishing attack that uses legitimate-looking emails with attachments or web links sent from organizations, such as banks or credit card companies, to lure victims into "updating" their personal information (birth date, social security number, passwords, etc.). When the attachment or link is clicked, malicious malware or Trojans are introduced into the victim’s system. The "Wanna Cry" attack seems to have come from a web link, which contained the malware. Once clicked, it multiplied very quickly through the use of file sharing software that automatically spread the malware from one system to another. Some phishing scams are easy to identify, but others can be cleverly disguised. (For more information about phishing see a previous newsletter article: "Cybersecurity for Case Managers: Don’t Get Hooked – How to Prevent Being Caught in a "Phishing" Attack").
One reason this attack was so widespread was due to the fact that many organizations were still using older versions of software, e.g. Microsoft, that are no longer being supported and automatically updated by the developer. So, the systems did not have the most recent cybersecurity updates, which could have prevented the attack. Home computers, using older versions of Microsoft or outdated malware products can also be unprotected if they are not routinely updated. Because of the magnitude of this threat, Microsoft issued a free unprecedented update to older versions of Microsoft that are no longer supported. Check to be sure your Microsoft software and malware products have the most recent updates.
Since more and more of our daily tasks and processes now include the internet, we need to become much more vigilant in looking for and preventing these types of attacks. We cannot get lulled into thinking that the malware on our system or our Information Technology (IT) department will handle all these threats. As you can see from what happened last week, those safeguards were not enough to stop the attack. All it took was for someone to click on a link that contained the malware. And I’m sure you don’t want to be that "someone" who takes down over 200,000 systems!
As we become more and more dependent on the internet and computerized systems, we are becoming more at-risk for major cybersecurity attacks that can cripple our systems. This attack, as well as the increased number of healthcare-related security breaches and the hacking involving the U.S. election campaign are examples of major cybersecurity attacks that could be leading to a major catastrophic event.
As case managers, we must realize that cybersecurity is not just an IT function. Sure, IT does everything it can at a corporate level to develop a secure infrastructure and implement security safeguards. However, every individual is also responsible and accountable for cybersecurity. Each of us need to be a "steward of security", empowered and accountable to create a culture that is essential in raising awareness and reducing security incidents.(For more information about what each of us can do, see a previous newsletter article "Cybersecurity for Case Managers: Responsibilities of Individual CMs").
Management staff has an added responsibility of making sure all staff members are routinely provided with cybersecurity training and constantly tested to assure they are cognizant of the threats and know how to avoid them.
To help with those goals, I have included some references that include staff cybersecurity training programs and quizzes that can be used by individual case managers to test their knowledge and awareness and by management staff to quickly develop staff training and testing programs. There are also some tools that can be used by managers or IT departments to assess the level of potential threats in their organization and an open source user interface tool that can be used by IT departments to develop training and testing programs and track program results. I hope you will find these useful.
Cybersecurity Educational Programs
Cybersecurity Quizzes
Cybersecurity Management Tools