By now you have likely heard about the ransomware pandemic that swept the world a few weeks ago. But how did it happen, what can you do about it, and what risks does your practice face in light of this newly emerged threat?
In early March of 2017, a vulnerability was found in SMB version 1, the Windows file transfer protocol. This is the oldest version of the underlying system that allows data in your EHR to get from your server to wherever you use it. If you've ever used a file share, you know firsthand what this technology looks like. It's a great way to work with office data and manage its use between many people. It has been built into Windows since before XP, and we all rely on some version of it in our everyday lives. That's what makes this vulnerability, and the viruses that use it, such a big deal. It has been used by so many people in so many places, often as a security measure itself, for so long that it's a perfect storm. A worm based on this vulnerability can easily spread from machine to machine inside a network that uses this protocol (which is pretty much all networks), and from network to network in environments that have not closed this port.
Fortunately, Microsoft released a patch for this later in March, and all systems that have received this patch are immune to being directly infected by this software, so if you keep your computer up to date, you should be fine from that perspective. However, this kind of threat carries more risks than direct infection. The biggest is the possibility of getting side-swiped by an outside machine that has not been patched. In many networks, it's possible to read and write important files just by being on the same LAN as the target. This means that if you let vendors or other outsiders on your network, they could, with no ill intent, encrypt all of those files. This is a common problem with ransomware: it only takes one bad egg to spoil the bunch.
If you're a NeKY RHIO client, your core systems have already been patched against this particular strain of ransomware. If you are not, we strongly encourage you to install the appropriate patch from this bulletin posted by Microsoft.
Consistently installing patches like this is the best way to ensure that you won't be affected by the next round of malicious software. A valid version of Windows with updates enabled will largely take care of itself in this regard, but a holistic strategy provided by NeKY RHIO, including tactics like defense in depth (blocking that port in the first place) and other multi-layered approaches to defending your infrastructure, can ensure business as usual continues in the event of an attack.
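
As an added example (not part of the original article or NeKY RHIO's own tooling), the PowerShell below audits one Windows machine for the three exposures discussed above: whether the SMBv1 server is still enabled, which file shares are writable by broad groups, and whether the local firewall accepts inbound SMB. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, that SMB listens on its standard TCP port 445, and that the broad group names use the default English spelling.

```powershell
# Added example: local audit of SMBv1, over-permissive shares and inbound SMB.
# Read-only: nothing here changes configuration.

# 1. Is the legacy SMBv1 server still switched on?
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
"SMBv1 server enabled: $smb1"

# 2. Shares that any machine on the LAN could modify.
#    These are the files an unpatched visitor's laptop could encrypt
#    even though this server itself is patched.
$broadGroups = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$riskyShares = Get-SmbShare -Special $false |
    Get-SmbShareAccess |
    Where-Object {
        [string]$_.AccessControlType -eq 'Allow' -and
        [string]$_.AccessRight -in 'Change', 'Full' -and
        $_.AccountName -in $broadGroups
    }
if ($riskyShares) {
    "Shares writable by broad groups:"
    $riskyShares | Select-Object Name, AccountName, AccessRight | Format-Table -AutoSize
} else {
    "No shares grant Change/Full to: $($broadGroups -join ', ')"
}

# 3. Enabled inbound firewall rules that allow TCP 445 (assumed SMB port).
#    This covers the host firewall only; the network perimeter needs its own check.
$smbRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object {
        [string]$_.Enabled -eq 'True' -and
        [string]$_.Direction -eq 'Inbound' -and
        [string]$_.Action -eq 'Allow'
    }
if ($smbRules) {
    "Inbound rules allowing TCP 445:"
    $smbRules | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    "No enabled inbound allow rule for TCP 445 on this host."
}
```

A file server will normally show an allow rule in step 3; what matters is that the rule's profile does not expose it beyond the networks that need it, and that step 2 lists no share you would not hand to every device on the LAN.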