Tuesday, July 24, 2018

Cass Regional Medical Center in Missouri Back Online after Ransomware Attack

As of July 18th, Cass Regional Medical Center is no longer sending emergency patients to other hospitals.  Lest anyone out there think that cybersecurity and/or Ransomware are only for the really big players to worry about, think again.
The problem began on July 9th when problems with their internal communications systems and access to the EHR data being affected.  The result was that emergency patients and stroke patients had to be diverted to other healthcare facilities.
The good news is that the hospital does not think any PHI was compromised, but the bad news is the potential problems that might have affected patients in treatment.  That last statement is in no way an indictment of Cass Regional, but against those who shut the hospital down.  Crooks with no morals are playing a potentially deadly game here and the lives of human beings hang in the balance.

It seems that the cause was a brute-force attack via Remote Desktop Protocol (RDP) and may have included the SamSam Ransomeware.  To prevent SamSam ransomware attackers from succeeding, HHS advises healthcare organizations to restrict access behind firewalls with RDP gateways and virtual private networks, use strong/unique username and passwords with two-factor authentication, limit users who can log in using remote desktop, and implement an account lockout policy to help thwart brute-force attacks.

No comments:

Post a Comment