What happened at MedStar Health?
And why it could easily happen to your practice or business
Despite MedStar undoubtedly having a very large IT cybersecurity budget, they still fell victim to a ransomware virus allegedly after an employee clicked on a link in an email. The chain of events found its way to an unpatched Linux server that had a security vulnerability on it that dated all the way back to 2008. The Linux software manufacturer developed and supplied a fix for the security issue shortly after it was discovered in the same year, but MedStar’s technical support team left it unpatched.
That leads me to ask—how many machines are still left without the proper security updates applied at their locations but more importantly at your location? Any single workstation, much less a server, can have over a dozen pieces of software that need to be constantly updated. From Adobe Reader, Adobe Flash Player, Java, and Microsoft Office (only to name a few), there are always security flaws and vulnerabilities that are realized by the software vendor who subsequently issues a fix in the form of a download. Most of these downloads have to be downloaded and applied manually. So, if you have a small practice or business without a dedicated technical person looking for these types of issues, you should ask yourself who is making sure that these updates and being applied and that they are current?
Another question that needs to be answered about the MedStar event is why it took so long for MedStar to restore their data and have their systems back online. Reports have suggested that it took close to a week for that to happen. One would imagine that MedStar would have state-of-the-art data backup systems with multiple options for restoration. The best way to combat a ransomware virus is to accept that you had weaknesses in your cyber-defenses and concede that you had a “they got me” moment and do not pay the ransom but rather move on to the data restoration process as soon as possible. With the correct layer of backups, your server should be able to be restored in time measured in hours not days.
Questions to ask yourself about your small medium-sized business or medical practice IT system:
- Is my front-end security in place?
- Is my firewall current and does it have the latest firmware updates applied?
- Do all of my servers and workstations have the LATEST anti-virus version and definition updates applied?
- Are my data backup systems current and operational?
- Is my data backup an automated process or does it rely on a person to manually perform this function?
- Has my data backup actually been tested to see if it can restore the files that I need restored?
- Is there a layered approach to my backups?
- Do I have an off-site data restoration option in the event that there is a major catastrophe at my place of business?
- Have my employees / end-users been educated on what to do and not to do when using company IT systems?
- Do I have an IT manual that outlines what is expected of my employees as it relates to the IT systems?
- Is there a formal disaster recovery plan in place that details the steps to take to recover from a significant IT security event?
- If you answered “no” to any of the above questions, then it’s time to make a change regarding your IT system management.
If you have questions about this article, please contact Dave Thomas, Director of Technology Services, Kenneally Technology Services, 443.829.9897, firstname.lastname@example.org.