WannaCry, WannaCrypt, Wana Decryptor or WCry, whatever it is called, ransomware has been spreading through over 150 countries and many are concerned for good reason. The WannaCry malware attack is the largest ransomware attack to date.
The attack started on Friday (5/12/17) and locks people out of their computers, encrypts their data, and demands them to pay up to $300 in bitcoin to receive a decryption key. The price then doubles after three days and if the ransom is not paid, all files are permanently deleted. To add insult to injury, WannaCry also behaves like a worm; the malware can potentially infect computers and servers on the same network.1
The ransomware was slowed by a single security analyst last week after discovering a kill switch in WannaCry’s code. Since then, WannaCry has been updated without the kill switch, allowing it to grow further. The attack has now reached over 150 countries and around 216,000 computers.2
Here at Total HIPAA, we offer resources and services to help you figure out what to do next in preventing you and your organization from becoming a victim to ransomware and any other type of malware attacks. Health and Human Services Office of Civil Rights (OCR) has recently posted guidance on HIPAA specific to ransomware. OCR reaffirms that implementing HIPAA standards will provide safeguards against WannaCry and malicious software.
Read through the sections on areas we suggest you cover to reevaluate your business structure. There are blog articles we previously posted to help give guidance on topics that still may be questionable for your business.
3rd Party Vendors and Contractors
When looking into those 3rd party vendors and contractors hired to do a specific duty or there temporarily need to be properly handled for liability concerns. Your vendors, and, at times, your contractors will be considered business associates under HIPAA.
Passwords are simplest and best preventative measure a user can do to help protect your organization’s network.
- Creating and Managing Passwords
- Strong Passwords – Your Employees Most Important Contribution to Network Security
Ransomware and Malware Best Practices
Ransomware and malware are continuing to grow; read what you need to know about both and what you should do to prevent malicious attacks on your system.
- Malicious Social Engineering and HIPAA
- Are You Prepared for Ransomware?
- The Rise of Ransomware
- How HIPAA Can Help Deter Hackers
Microsoft Windows users were the prime targets in WannaCry’s attack. Make sure your versions are constantly updated and BitLocker 2 is enabled on your computer.
Encryption will keep hackers and viruses from using your files against you. By encrypting your devices, anyone who attempts to retrieve your information will receive it in an unreadable format. And since many of the attacks are through email and their attachments, an email encryption solution can be very useful (and highly recommend!). Using the cloud can cover you if you fall victim to ransomware because any files stored through your file sharing application can help you regain access without having to pay a dime to criminals.
- Encrypting Devices
- HIPAA Compliant Email Encryption Review 2016
- HIPAA Compliant File Sharing Review 2016