Question

Present a summary of a Ransomware/Malware case in which a healthcare facility/organization was targeted and dealt with the threat or mitigated the exposure. Identify a strategy the organization could consider to limit potential exposure to this issue in the future (this may include strategies outlined in interviews/articles about the case).

The four heavily cited types of ransomware/malware that have occurred over the last few years are (1) Wannacry (2) Locky (3) Petya/NotPetya (4) SamSam. You may choose your own healthcare facility/organization in order to ensure you can find enough information on the case. You are not limited to the four types of ransomware/malware listed above, you can absolutely choose a different one or a case where the type was unknown, just ensure that it is a healthcare facility/organization and a form of malware/ransomware. If you have work or had experience with a healthcare facility/organization that experienced a ransomeware/malware case that was not publicized you are more than welcome to use that as well!!

Your post should be a minimum of 250 words and have all work use cited using APA format.  Be sure to include any supporting documentation.

Answer 1

It is a well-known case of SamSam or Samas ransomware targeting Hancock Health in the US back in early 2018. Unlike other ransomware, SamSam does not need to be attached to an email. It can be remotely activated when enough or sufficient data is primed. SamSam is more of targeted ransomware, unlike other ransomware or malware which are quite random. That is the group specifically target an organization or company or system.

In the case of Hancock Health, all the files were renamed as "we apologize" or "we are sorry". Initially, the IT department thought that the data was safe and they only needed to run a system check. It was only later that they realized that they had been hacked by something much more severe. They had to shut down their systems immediately. All there files had been attacked. None of their data was safe. They even had to think of the possibility of the attack in the clinical equipment like ECG machines, IV pump, and ventilators. They had to re-route all new patients to other hospitals. All their online systems were down and they had to work with pen and paper.

The threat group demanded 4 bitcoins which is approximately $55000 for the decryption files. The management had other options but they needed time to implement any or all of them which they did not have. The threat group had demanded money within a period of 7 days. Keeping in mind the confidentiality of the patients' data and also the need to not allow any further damage, the management paid for the ransom and retrieved their data and files.

For future damage control, the following measures can be taken to prevent any such attack

1. All external facing applications like Java etc. need to be kept updated and any errors rectified immediately.

2. All external facing applications need to have 2-factor identification or authentication.

3. All critical information should be backed up in a routine manner. These data should be stored in a secure location.

4. Users should be made aware of the interface that resembles ransomware.

5. All forms of anti-virus, anti-malware, and anti-ransomware should be regularly updated.

6. Users should be trained to detect and act on such malware and ransomware.