Wednesday, July 27, 2016

Med Star Health: Ransomware

Ransomware is well known in our environment. It has been used in its various forms to attack and encrypt critical data. As noted several times, a particular target has been the medical field. The results have been mixed, with some businesses paying the ransom and others not.

One firm that did not pay was Med Star Health. On a Sunday evening in March 2016, the issue was found at one of the three offsite locations. As time was of the essence, a mid-level director was the point of contact and made the difficult decision, which was also per the protocol, to shut down the electronic medical records system, affecting more than 370 systems. At this point, operations slowed to a snail's pace. This affected patient care, the monitoring of biomedical equipment, and many other pertinent services.

There are a number of lessons to be learned that are applicable not only to the medical field but to most others. Because of the users, equipment, and operations affected, the decision had to be made quickly. Time was very much of the essence. Waiting, or paralysis by analysis, would only have made the circumstances worse and cost the business more, both financially and operationally.

Every business should expect to be attacked at some point. This allows planning and preparation to take place well before any issue arises. This reduces ambiguity and allows security in depth to be applied.

The staff members and organization should be able to operate without the current level of technology. In the case of a verified attack, the system may have to be shut down and operations carried out low tech. The staff needs to be able to work effectively in this environment. For instance, when the electronic medical records/electronic health records (EMR/EHR) system is not operable, the staff would need to work from printed "face sheets" or patient files showing the treatments, pharmaceuticals, patient's face, etc.

Lastly, the subject matter experts in your organization need not only to understand the problem but also to explain the situation to others. Knowing the information is fantastic; however, the person needs to be able to express it to others.



Miel, LLC Infosec Managed Services & Consulting
  
810-701-5511

charlesparkerii@gmail.com

It is not about winning or losing, but reorienting yourself to the real problem: managing the risk across the enterprise.

