
Healthcare Cybersecurity Environmental Scan Report, Volume 2

Authored by: Lee Kim, BS, JD, FHIMS

Threat, Vulnerability, and Mitigation Information

  1. US-CERT and the Canadian Cyber Incident Response Centre have issued Alert (TA16-091A), entitled “Ransomware and Recent Variants.” Locky and Samas, two ransomware variants, have been observed infecting healthcare facilities and hospitals worldwide. It has also been reported that systems infected with ransomware are infected with other malware (e.g., CryptoLocker and GameOver Zeus). Previously, in June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.
  2. Researchers have observed a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant, thus changing the threat landscape for ransomware delivery. Researchers have also estimated that there are 3.2 million vulnerable machines running unpatched versions of JBoss, which this ransomware variant targets. Information for securing JBoss application servers can be found from resources such as this one.


Resources

1. The 2016 Verizon Data Breach Digest states that insider threat continues to be a problem for the healthcare sector. Insider threat problems can originate from infected USB drives, rogue employees, and third-party partners. Additional detection and mitigation information can be found here (posted with permission).
