What to know about the SamSam ransomware hitting Allscripts, hospitals

 


For the last few weeks, SamSam ransomware attacks have steadily increased across all sectors. The virus took down the entire municipality of Farmington, New Mexico, and just last week two hospitals were hit -- Hancock Health and Adams Memorial.

Allscripts appears to have become the first EHR vendor brought down by ransomware, although officials have said the variant is slightly different than the strain impacting those other organizations.

Regardless, there's been an uptick in SamSam attacks since about Jan. 11, although some security experts saw the start Dec. 25. As these attacks show no signs of slowing down, it's important for healthcare security leaders to understand how the virus gets in to prevent falling victim.

[...]

There are a few different ways a hacker can use SamSam to get into a system, explained Kim. For example, those who use weak passwords, reuse passwords and fail to limit admin credentials are at risk. A brute force tool can break weak credentials to get in, especially if an organization has failed to limit the number of attempts a user is allowed to get into a system.

Organizations that fail to monitor for an abnormal number of attempts are also at risk.

One of the things seen by CynergisTek Executive Vice President of Strategic Innovation David Finn is that often organizations put antivirus on laptops, desktops and other physical machines, but fail to keep servers locked up and safe with antivirus.

"It needs to be on all of your endpoints," said Finn. "We sometimes forget about those servers being endpoints."

While SamSam is highly effective, Finn said, "it isn't terribly sophisticated."

The virus is spread through the web and Java apps, as well as other web-based applications, explained Finn. And once it gets into the system, it spreads -- without a malicious email. SamSam can be stopped if detected before it gets into a system, but "once it's spread: it's over."

"It speaks to effectiveness not sophistication," said Finn. "That's one of those things that makes it more insidious. It can traverse the network without human intervention. That's why the prevention piece becomes more critical."

Source: Healthcare IT News

Posted by Dan Corcoran on January 29, 2018 07:01 AM
