SamSam Ransomware Continues to Threaten Healthcare Sector

Public-facing servers are believed to be the point of entry, not phishing.

Hackers have launched at least eight separate cyberattacks on healthcare and government organizations so far in 2018 using SamSam ransomware, according to the Department of Health and Human Services. 

Although SamSam was originally discovered in 2016, the criminals using it began to ramp up activity in December 2017 and have continued to increase its use in 2018. SamSam was behind the Allscripts attack, for example, as well as attacks on two Indiana-based hospitals, the Erie County Medical Center, the Colorado Department of Transportation, and the City of Atlanta, among others.

This ransomware does not work by tricking users with phishing. The attacker is believed to gain initial access to the target systems through exposed public-facing servers (Remote Desktop Protocol/Virtual Network Computing), then move to additional computers once inside the network before deploying the SamSam malware.
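As an added example (not part of the original post), the following Python flags the pattern described above from the defender's side: repeated failed RDP logons from one source followed by a successful one on the same exposed server. The field names, the threshold and the sample records are assumptions constructed for this example.

```python
"""Flag RDP logon activity that looks like forced entry on an exposed server.

Added example, not code from the original post. It relies on two standard
Windows Security event IDs: 4625 (failed logon) and 4624 (successful logon),
with Logon Type 10 (RemoteInteractive, i.e. RDP). Records are assumed to be
already parsed into dicts; field names and the threshold are assumptions.
"""
from collections import defaultdict

RDP_LOGON_TYPE = 10
FAILURE_THRESHOLD = 5  # assumed tuning value; adjust to your environment


def _ev(ts, event_id, logon_type, src_ip, user):
    """Build one constructed log record (hypothetical field names)."""
    return {"ts": ts, "event_id": event_id, "logon_type": logon_type,
            "src_ip": src_ip, "user": user}


# Constructed sample telemetry using RFC 5737 documentation addresses.
SAMPLE_EVENTS = [
    _ev(f"2018-03-01T02:14:{s:02d}", 4625, 10, "203.0.113.7", "administrator")
    for s in range(0, 60, 10)          # six failures in one minute
] + [
    _ev("2018-03-01T02:15:10", 4624, 10, "203.0.113.7", "administrator"),  # then success
    _ev("2018-03-01T08:02:00", 4625, 10, "198.51.100.4", "jsmith"),        # single typo
    _ev("2018-03-01T08:02:30", 4624, 10, "198.51.100.4", "jsmith"),
    _ev("2018-03-01T09:00:00", 4624, 2, "10.0.0.5", "nurse1"),             # console, not RDP
]


def rdp_brute_force_alerts(events, threshold=FAILURE_THRESHOLD):
    """Return {src_ip: (failure_count, first_success_ts_or_None)} for every
    source whose RDP failures reached the threshold. A success timestamp means
    the account was likely compromised after the failures: the urgent case."""
    failures = defaultdict(int)
    success_after = {}
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort lexically
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ip = ev["src_ip"]
        if ev["event_id"] == 4625:
            failures[ip] += 1
        elif ev["event_id"] == 4624 and failures[ip] >= threshold and ip not in success_after:
            success_after[ip] = ev["ts"]
    return {ip: (n, success_after.get(ip)) for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for ip, (count, success_ts) in rdp_brute_force_alerts(SAMPLE_EVENTS).items():
        state = f"SUCCESS at {success_ts}" if success_ts else "no success yet"
        print(f"{ip}: {count} failed RDP logons, {state}")
```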

Healthcare is particularly vulnerable. “Due to the sector’s reliance on IT systems and the operational importance of patient data and records, the ransomware risk to the [health] sector is expected to continue for the foreseeable future,” HHS officials wrote. “Organizations are encouraged to utilize data backups and develop contingency and business continuity plans that can ensure resilient operations in the event of a ransomware event.” 

“The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification regulations require HIPAA covered entities and their business associates to safeguard protected health information (PHI). The HIPAA Security Rule requires implementation of security measures that can help entities prevent the introduction of ransomware as well as assist entities in how to respond and recover from ransomware attacks. Some of these required security measures include:

· Conducting a risk analysis to identify and assess risks to electronic protected health information (ePHI);

· Implementing security measures to mitigate or remediate identified risks;

· Implementing procedures to guard against and detect malicious software;

· Training users to assist in detecting malicious software and how to report such detections;

· Establishing contingency plans including data backup and recovery; and

· Developing procedures for responding to security incidents such as a ransomware attack.”

All of these prevention measures are included in The HIPAA E-Tool®. In particular, the Risk Analysis – Risk Management section provides the guidance needed on contingency plans and data backup. It’s impossible to create the backup or the contingency plan after the fact – the only way to stay safe is through prevention and planning. With The HIPAA E-Tool® your Risk Management Plan is easy to do, with step-by-step instructions and a dashboard to guide your progress – see below. All the data is archived so your work next year is easier to complete, and everything is documented and saved, at your fingertips whenever you need it.

The new dashboard in the Risk Analysis – Risk Management section guides staff through the process, allows for stop-and-start work to completion, and helps management see progress.


Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.
