The document summarizes a ransomware attack on a medical practice. Key details include:
- The attack encrypted files and demanded ransom payment in bitcoin to unlock them.
- It crippled the practice's technology for over a week and forced them to use paper records.
- Lessons highlighted the need for incident response plans, backup protocols, and software updates to prevent or recover from such attacks. Recommendations emphasized educating staff, access controls, backups, and antivirus to protect against ransomware.
1. RANSOMWARE ATTACK ON A MEDICAL PRACTICE
A NETWORK SECURITY CASE STUDY FOR MBA-I
Subject: ITM
Curriculum Topic: Overview of Security Issues in Information Technology
5. Of the many future challenges in computer science, the biggest is network security.
The exabyte is a multiple of the unit byte for digital information. In the
International System of Units (SI), the prefix exa indicates multiplication by the sixth
power of 1000 (10^18). Therefore, one exabyte is one quintillion bytes (short scale).
The symbol for the exabyte is EB.
6. Case Study
• To help you gain an understanding of what a medical
practice experiences during and after a ransomware attack,
here is the story of one such attack.
7. Message could be like:
Bitcoin is a digital currency (also called crypto-currency) that is not backed by any country's central bank
or government.
Bitcoins can be traded for goods or services with vendors who accept Bitcoins as payment.
8. Which type of attack was it?
The attack used what's known as "ransomware": malicious software that encrypts
files, which can only be unlocked with a software "key" after a ransom is paid.
12. Background
• This medical practice was hit by ransomware, a
type of malware.
• It rendered the practice inoperable for several
days, and crippled its technology for more
than a week.
• The attack made its way onto one of the
practice's computers via an email attachment,
which had the appearance of a vendor
invoice.
15. Organizational Impacts and Patient Impacts
• Key systems were affected, including telephones.
• The medical center staff resorted to pen and paper and even fax machines,
and used their own mobile phones for communications.
• Patients could not communicate easily.
• A wealth of sensitive patient data was difficult to recover.
• The entire recovery process took several days, as the backup data was stored
offsite, which required transportation of the data.
• The data needed to be cleaned with antivirus software, and then settings and
policies needed to be recreated.
• Hackers encrypted the hospital's data.
• Patient and outpatient records, insurance documents, internal communications and
a host of other files being handled by multiple vendors….failed?
• People with serious health problems could be denied care.
• The worst-case scenario involved hackers taking over smart devices that monitor
vital signs and deliver drugs.
16. Findings:
The problem found is a big chain:
• Ransomware is just one kind of malware.
• Malware is just one form of information risk.
• Information risk is just one form of many risks of concern to the organization.
17. Findings:
• Hospitals and doctors' surgeries were forced to turn away
patients and cancel appointments after they were
infected with the ransomware, which scrambled data on
computers and demanded payments of $300 to $600 to
restore access
• People in affected areas were being advised to seek
medical care only in emergencies.
• If they decided to pay the ransom, it probably means that
they didn't have very good backups, they weren't able to
recover the data, and that the data would have been lost
if they didn't pay the ransom
18. Findings:
Agencies involved in the investigations were:
• The Federal Bureau of Investigation, formerly the Bureau of Investigation, is the
domestic intelligence and security service of the United States.
• The National Security Agency is a national-level intelligence agency of the United
States Department of Defense, under the authority of the Director of National
Intelligence.
20. Lessons Learned
• Preventive controls cannot be completely relied upon.
• Adequate incident management and business continuity arrangements (including
resilience, recovery and contingency elements) are clearly essential to cope with
serious incidents of any kind.
• We should review our business continuity arrangements (e.g. offline backups),
test/exercise them, and improve them to increase assurance that they will work
properly when called upon.
21. Why does malware get in?
It is obvious that users do not want to download viruses to their computers, yet
several factors let malware in anyway. Some of these factors include the following.
• Lack of knowledge
• Overlooking the danger of visiting certain sites
• Inappropriate antivirus installations
22. • Outdated necessary software (like Java, Acrobat, browsers, and others)
• Sticking with old computers
• Desperate attempts to solve computer problems
Glassberg (2016) suggested that users could download and install malware on their
computer from the following sources:
• Drive-by download
• Clicking on a wrong advertisement pop-up link
• Phishing attacks through email attachments
23. Recommendations:
Here are valuable tips to follow that will help protect your practice from
ransomware, or at least put you in a position to respond more effectively if you
suffer an attack.
26. • Healthcare organizations of all sizes need to
ensure they are regularly updating their
technological, administrative and physical
safeguards as cyber security threats continue
to evolve.
• This is particularly true when it comes to
ransomware, as this type of cyberattack has
the potential to paralyze a medical practice,
or, at the very least, severely disrupt its daily
operations and patient care.
27. Protect your Business:
Tips to prevent being a Victim of
Malware/Ransomware:
• Educate your employees
• Manage the use of privileged accounts.
• Employ a data backup and recovery plan
• Configure access controls
• Use virtualized environments
• Make sure all business devices are up to date.
• Always use antivirus software and a firewall.
28. • Enable popup blockers.
• Always back up the files on your computer and
mobile devices and keep the backups offline.
• Keep your computers and mobile devices up to
date.
• Maintain a nightly or hourly backup of your files –
there are many online services that are available.
• Keep antivirus and all other software up to date,
including Windows Updates. Don’t click on and
open things that are unfamiliar and always read
the fine print before downloading things.
29. • Don’t click OK on a popup!! That means you
are accepting whatever they are sending to
your computer – close the popup by clicking
the “X” in the upper-right hand corner of the
popup.
• Ensure you don’t have full administrative
privileges on your computer, as this could allow
something to install on your computer
without a prompt.
30. Conclusion
By paying criminals, you're giving them an incentive and
the means to develop better ransomware.
"If you pay, you make it that much worse for everyone
else," says Casesa. "The bad guys use your money to
develop nastier malware and infect others."