Viruses pose a danger to health care computer systems. Regardless of the nature of a company, a business is a business — and no business is safe from spyware, viruses and malware.
Even though the purpose of spyware varies — for example, email hacking, identity theft, information theft, etc. — online criminals are creating new ways to wreak havoc and invade the privacy of public domains, businesses and private internet lines.
No one is safe, and the latest victims on the hacker’s list are the data systems of private physicians and health care establishments. The virus responsible for the trouble is a new type of ransomware called SAMSAM.
What Is Ransomware?
Ransomware is a type of virus intentionally placed within a central IT system by hackers who use it to identify and infiltrate vital and confidential data important to the company or business. This type of malware is independent of social engineering and also doesn’t need to use emails to be transmitted.
Ransomware uses unpatched servers to infiltrate the entire cloud system, contaminating other machines. Hackers then use the ransomware to expose the main data systems and hold them ransom — hence the name. They encrypt the data so that the legitimate users cannot access it, and offer to sell the key needed to decode it for money, often in an untraceable, online currency like bitcoin.
How SAMSAM Works
Similar to Locky, SAMSAM — a strain of ransomware — was reportedly responsible for an attack on a hospital in Kentucky.
With SAMSAM, hackers implement an open source application server called JexBoss, as well as other Java-based application systems, to hack into the home servers of hospitals or any other business. They place SAMSAM inside the main Web application server, and the infected home server, which is connected to all the other servers, gives the virus access to connected systems, letting it make its way into the Windows network.
According to Cisco Talos, this malware allows hackers to communicate with the victims, stating that they will not decrypt the malware until their conditions are met. Attackers who are behind SAMSAM malware are able to locate, manually control and delete vital data, and even access network-based backups. They can lock and shut down entire systems, completely blocking out the victim’s access to their own records.
Rather than a virus that just works arbitrarily, the attackers have complete control over what they view and what they can destroy. They are able to find and encrypt the victim’s data so that the victim won’t be able to recognize their own information. Victims have the choice of either paying the ransom fee or suffering the consequences of never being able to retrieve their data.
How to Prevent Ransomware Invasion
Reports show that SAMSAM ransomware has been raging against the health care industry. The FBI is commandeering IT experts to give emergency relief to victims of ransomware. It is strongly recommended that physicians and health care establishment managers invest in a solid security system and hire professional IT technicians to install protective software on their data systems.
Professional security systems provide strong passwords and deter easy access to macro loading in Office programs. They also provide recurring patching schedules which prohibit spyware viruses and activity such as hacking and ransomware. Even though there are always threats to security and data, these preventative measures are still an operable defense.
Why Health Care Companies Need IT Protection
A reliable IT security system gives sophisticated server protection for virtual, cloud and physical servers. Company applications and information will be secured in spite of business disruptions without the aid of emergency patching. The security system handles the IT platform completely and keeps it running smoothly.
For backup protection, the basic 3-2-1 method is still a good option: Make a minimum of three backup copies, placed in two separate locations, one of which should be stored outside your system, for example, a flash drive, a computer not connected to the internet, or an external hard drive not left connected to a computer.
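As an added illustration (not part of the original article), the following script audits a backup inventory against the 3-2-1 rule as stated above and lists which data sets would still be recoverable if every network-reachable backup were encrypted. The data set names, locations and the `offline` flag are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str    # what is being backed up
    location: str   # where this copy is kept
    offline: bool   # True if unreachable from the network (unplugged drive, air-gapped PC)


# Constructed sample inventory; all names are hypothetical.
INVENTORY = [
    BackupCopy("patient-records", "server-room-nas", False),
    BackupCopy("patient-records", "offsite-office-nas", False),
    BackupCopy("patient-records", "usb-drive-in-safe", True),
    BackupCopy("billing", "server-room-nas", False),
    BackupCopy("billing", "server-room-nas", False),
    BackupCopy("billing", "offsite-office-nas", False),
    BackupCopy("imaging", "server-room-nas", False),
    BackupCopy("imaging", "usb-drive-in-safe", True),
]


def audit_321(inventory):
    """Return {dataset: [problems]}; an empty list means the 3-2-1 rule is met."""
    by_dataset = {}
    for copy in inventory:
        by_dataset.setdefault(copy.dataset, []).append(copy)
    report = {}
    for dataset, copies in by_dataset.items():
        problems = []
        if len(copies) < 3:
            problems.append(f"only {len(copies)} copies, need 3")
        if len({c.location for c in copies}) < 2:
            problems.append("all copies in one location, need 2")
        if not any(c.offline for c in copies):
            problems.append("no offline copy, network backups can be encrypted too")
        report[dataset] = problems
    return report


def survivors_if_network_encrypted(inventory):
    """Data sets that keep at least one copy when all online copies are lost."""
    return sorted({c.dataset for c in inventory if c.offline})


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        print(dataset, "->", "OK" if not problems else "; ".join(problems))
    print("recoverable:", survivors_if_network_encrypted(INVENTORY))
```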