Readers Write: Malware Lessons Shared: Seven Key Questions for Health Leaders to Ask About Cyber Preparedness

August 30, 2017 Readers Write 1 Comment

By Joe Petro

Joe Petro is SVP of engineering for the healthcare division of Nuance Communications.

As business leaders, we must confront a new reality: our organizations are facing an unprecedented threat from cybercrime. The number of cyber incidents is growing and the nature of the attacks is evolving. They are becoming faster, more sophisticated, and more potentially destructive. As the severity of incidents increases, the knowledge to address the technical aspects and manage through an attack has become essential to our skill set.

For those reasons, we think it’s important to share some of the lessons we’ve learned since we were affected by a global malware incident on June 27. Cybersecurity experts later identified the malware as NotPetya, highly sophisticated malware written to cause disruption and destruction rather than to demand ransom. It spread quickly, and unlike some malware, patching alone would not have stopped its propagation.

Our first priority was to contain the incident and protect our customers. This meant immediately commencing shut-down procedures across our global network to contain the spread of the malware. These actions affected our ability to communicate with our customers, employees, and other stakeholders, and we immediately sought alternative ways to alert them to the situation. To ensure they had up-to-date information, we hosted daily conference calls and corresponded via email with affected clients. We regularly posted updates to a dedicated Web page in addition to conducting a very large number of one-on-one client calls and meetings.

Importantly, we were able to tell them that NotPetya does not have the ability to copy or extract file contents from affected systems or allow any unauthorized party to view file contents on affected systems. In other words, no Nuance customer information was altered, lost, or removed by the malware.

After containing the spread of the malware, our focus turned to restoring our clients to full functionality. Our dedicated staff—along with third-party experts in cybersecurity and forensics—rapidly initiated restoration efforts. At the same time, we enhanced our security against similar future incidents to ensure we emerge from this incident with an even more secure operating environment.

We are committed to sharing the knowledge we have gained from our own response and recovery process. The more we know about malware like NotPetya, the more powerful we all can be in combatting future cybercrimes. Early lessons include:

  • Incident notification protocols should be as simple as possible, with multiple layers of redundancy to ensure stakeholder communication can continue at all times. This is particularly critical in the early days of response, when normal channels may not be viable.
  • Increase network segmentation, including adding micro-segmentation.
  • Even fully patched Windows machines remain vulnerable to certain exploits and vulnerabilities. We have deployed a hardening process that disables SMBv1, enables additional blocks on host-based firewalls including blocking unnecessary SMB ports, disables unnecessary usage of WMI and PsExec, disables unnecessary admin shares, increases logging levels, and validates that each system meets a minimum baseline of security measures.
  • Cyberattacks can occur very quickly, challenging even the best prevention systems. Thus, the best strategy is a combination of prevention, detection, and containment.
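
A read-only check of several items from the hardening bullet above, as an added PowerShell example; it is not Nuance's tooling. The check names and pass criteria are assumptions for illustration, and logging levels and PsExec usage are not covered.

```powershell
# Added example: read-only audit of a Windows host against hardening items named above.
# Pass criteria are illustrative assumptions. Run elevated on Windows 8 / Server 2012 or later.
function Test-HardeningBaseline {
    $checks = [ordered]@{}
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # SMBv1 server side: the SMB server must not accept SMB1 sessions.
    $checks['SMBv1 server disabled'] = -not (Get-SmbServerConfiguration).EnableSMB1Protocol

    # SMBv1 client side: mrxsmb10 driver is removed (no key) or disabled (Start = 4).
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -ErrorAction SilentlyContinue
    $checks['SMBv1 client disabled'] = (-not $drv) -or ($drv.Start -eq 4)

    # Default admin shares (C$, ADMIN$) are off when AutoShareServer (servers)
    # or AutoShareWks (workstations) is 0; a missing value means still shared.
    $lan = Get-ItemProperty -Path "$svc\LanmanServer\Parameters"
    $checks['Admin shares disabled'] = ($lan.AutoShareServer -eq 0) -or ($lan.AutoShareWks -eq 0)

    # Host firewall: an enabled inbound block rule lists TCP 445 explicitly.
    # Rules that cover 445 only through a port range are not matched here.
    $smbBlock = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' }
    $checks['Inbound TCP 445 blocked'] = [bool]$smbBlock

    # Remote WMI: no enabled inbound allow rule in the built-in WMI rule group
    # (display group name as shown on English-language Windows).
    $wmi = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    $checks['Remote WMI not allowed'] = -not $wmi

    # Emit one object per check so results can be exported or aggregated per host.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

$report = Test-HardeningBaseline
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) {
    Write-Warning "$env:COMPUTERNAME does not meet the minimum baseline."
}
```

The script changes nothing on the host; a failed check identifies a setting to review, and systems that legitimately need SMB or remote WMI should be recorded as exceptions rather than silently skipped.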

Healthcare and IT leaders need to ask the right questions now so that they can be better prepared for a malware incident in the future. Below are seven important security questions every leader should consider:

  1. Cybercrime is part of the new reality for every company, organization, and person. What can you be doing now to prepare for this scenario?
  2. How comprehensive are your security policies, and do those policies actually translate into deployed security capabilities?
  3. Have you developed a crisis and disaster plan and communicated it broadly throughout your organization?
  4. How would you communicate to your staff, your board, your customers, and your patients?
  5. What are your primary vulnerabilities? What measures are you taking to ensure patient data is protected?
  6. Do you understand and align with your vendors’ security policies and do you have the appropriate validation and/or risk assessment programs in place?
  7. Have you identified a team of outside experts to help in case of an incident, including cyber security firms?


    Currently there is "1 comment" on this Article:

    1. I cringe at each article I read about the malware event at Nuance. They continually claim no customer information was lost, yet 2 products were never turned back up. iChart and Beyondtxt customers were offered an alternative system, but all historical information, all dictation data, all worktype pools, all templates, all normals, all customer specific programming remain unavailable. Does this fit the definition of lost?






