Ransomware Attack Leads to Discovery of Lots More Malware
Missouri Clinic Finds Computers ‘Loaded with Malware’
… Tom Walsh, president of consulting firm tw-Security, notes that some studies have shown that it often takes more than 100 days for organizations to detect a hack.
“Often the audit logs for the EMR and/or the IT infrastructure are only examined when there is an issue,” he notes. “Also, it has been my experience that to save money on memory storage, most clinics and physician practices are not retaining audit logs for a long enough period to detect a trend spanning over 100 days or more. Often the audit logs are overwritten about every 30 days.”
Without reliable audit logs and review, “there is no telling how much malicious code is loaded on computers and servers. Once there is an issue and a more thorough investigation is conducted, there are discoveries made of additional malicious code,” Walsh says.
… Walsh says organizations need to take several critical steps:
- Create an audit log strategy that includes log retention schedules as well as copying and securely storing logs to prevent a hacker from erasing the logs;
- Proactively monitor certain user behavior or activities through audit tools or some type of security monitoring service;
- Implement a next-generation firewall;
- Educate users about not clicking on hyperlinks and opening attachments;
- Restrict user access to the internet, and block access to personal webmail;
- Limit local administrator rights.
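
The first step above, a retention schedule checked against the detection window, can be verified mechanically. The following is an added example, not code from the article or from tw-Security: it takes (source, timestamp) pairs read from archived logs and reports, per source, how many days are covered and where records are missing. The source names, the 100-day window, the 2-day gap tolerance and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

REQUIRED_DAYS = 100  # assumption: window based on the ">100 days to detect" figure
MAX_GAP_DAYS = 2     # assumption: longest silence tolerated before flagging a gap


def audit_retention(records, now, required_days=REQUIRED_DAYS, max_gap_days=MAX_GAP_DAYS):
    """records: iterable of (source, datetime). Returns {source: report dict}."""
    by_source = {}
    for source, ts in records:
        by_source.setdefault(source, []).append(ts)

    report = {}
    for source, stamps in by_source.items():
        stamps.sort()
        covered = (now - stamps[0]).days
        gaps = [
            (a.date().isoformat(), b.date().isoformat())
            for a, b in zip(stamps, stamps[1:])
            if (b - a) > timedelta(days=max_gap_days)
        ]
        # A silent tail matters too: logging may have stopped or been erased.
        if (now - stamps[-1]) > timedelta(days=max_gap_days):
            gaps.append((stamps[-1].date().isoformat(), now.date().isoformat()))
        report[source] = {
            "days_covered": covered,
            "meets_window": covered >= required_days and not gaps,
            "gaps": gaps,
        }
    return report


def sample_records(now):
    """Constructed sample data: one record per day per source."""
    recs = []
    # EMR audit log that is overwritten about every 30 days
    recs += [("emr_audit", now - timedelta(days=d)) for d in range(0, 30)]
    # Firewall log kept for 120 days, with days 40-49 missing
    recs += [("firewall", now - timedelta(days=d)) for d in range(0, 120)
             if not 40 <= d <= 49]
    return recs


if __name__ == "__main__":
    now = datetime(2024, 1, 31, 12, 0)  # constructed reference time
    for source, result in audit_retention(sample_records(now), now).items():
        print(source, result)
```

A source fails the check either because its oldest record is younger than the window or because a stretch of records is missing, which is the condition that copying logs to separate, secured storage is meant to prevent.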
Walsh notes that clinics tend to outsource their IT – including EMR and IT infrastructure support – because they do not have in-house expertise.
“The IT support staff are limited in the services they can provide because the clinic owners don’t want to spend the money needed for securing their IT environment,” he says.