Kudos to Cyber Sleuth

A 22-year-old cybersecurity pro in the U.K. stopped yesterday’s global ransomware attack, WannaCry. A link to his blog explaining how he did it is below. The blog is technical. In plain language, and somewhat simplified, his work started when he obtained a sample of the malware, ran an analysis and “instantly noticed it queried an unregistered domain,” which he promptly registered. Then he:

  1. diverted some of the malicious traffic into a sinkhole, “a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them,”
  2. gathered data on the geography of the infections, and
  3. reverse engineered the malware to look for vulnerabilities.

He continued his detective work and reached out to colleagues over Twitter – collaboration and rapid action worked. Ultimately the sinkhole trapped the infection and halted its spread. You can read his blog here: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Don’t become complacent and assume someone else will fix the problem. In healthcare there are steps you should take to prevent ransomware. The HIPAA Security Rule contingency plan is a blueprint for preparing for and recovering from a ransomware attack. It requires data backup, disaster recovery and emergency mode operation plans that enable you to resume normal operations and maintain the confidentiality, integrity and availability of your data. Always update your software, install the patches provided, and train your staff to stay alert.

Without a contingency plan, you’ll be in the unfortunate position of paying ransom to a criminal to decrypt your data, and that criminal may take the money and run (RanScam!) or take the money and also sell your data.

Follow HIPAA and thumb your nose at the cyber criminals.

More information for Microsoft consumers is here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/



Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.
