HHS Releases Guidance for Practices on Latest Cybersecurity Threat

Share
  • Twitter
  • Facebook
  • email
  • StumbleUpon
  • Delicious
  • Google Reader
  • LinkedIn
  • Google Bookmarks

    Whitfield L. Knapple, MD, FACG
    Chair, ACG National Affairs

    As you may have seen reported in the news, multiple versions of a new ransomware cyber-attack called “WannaCry,” “WCry,” “Wanna Decryptor,” or “WannaCrypt,” was executed at the end of last week that impacted many businesses and users around the world.   Physicians should ensure that their computer’s operating systems and anti-virus software are updated and patched:

    • Run Windows Update immediately.  Download and install any available updates (‘patches’).  Run a scan on your anti-virus software and follow its prompts.  Microsoft has released a customized patch for older platforms that do not receive mainstream updates, including Windows XP, Windows 8, and Windows Server 2003. At this time, Windows 10 has not been targeted by the attack.
    • Check your computer’s settings to ensure that the system will automatically download and install new versions of the operating system and Microsoft Office software.  Do the same for your anti-virus software.
    • Note when the computer will install these new updates, and make sure the computer is on at that time.

    While this specific malware did not have much impact in the U.S., physicians should contact their medical device vendors and manufacturers to ensure that they have patched their device software.  ACG encourages members to be prepared for any threat in the future.  The way ransomware works is by taking over your computer and essentially locking you out by encrypting your files.  The hacker may then demand a “ransom” by forcing you to buy and transfer bitcoin to them in return for the decryption key necessary to unlock your files.  The latest hack targets the Microsoft Windows operating system

    If your organization is the victim of a ransomware attack, HHS sent out the following recommendation and steps earlier this week:

    1. Please contact your FBI Field Office Cyber Task Force (fbi.gov/contact-us/field/field-offices) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
    2. Please report cyber incidents to the US-CERT (us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
    3. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov.

    More important information for GI practices:

    Whitfield L. Knapple, MD, FACG

    Chair, ACG National Affairs Committee

    Share
    • Twitter
    • Facebook
    • email
    • StumbleUpon
    • Delicious
    • Google Reader
    • LinkedIn
    • Google Bookmarks