Fighting ransomware

Nathan Littauer Hospital Vice President, Information Services and Chief Information Officer Martin Brown works on a computer in the hospital on Wednesday. (The Leader-Herald/Kerry Minor)

GLOVERSVILLE — It can start simply. Someone clicks on an email and types in a password to a prompt that seems official.

The next thing the company knows, its data is being held for ransom, with a hacker demanding money be paid through Bitcoin or the data will be deleted.

While ransomware such as WannaCry has created headaches for hospitals and practices in other countries, the United States hasn’t been as affected.

Nathan Littauer Hospital Vice President, Information Services and Chief Information Officer Martin Brown said much of that has to do with preparation and laws in place to protect patient information.

“I didn’t lose any sleep over it because the preparation that we’ve done is adequate to protect us from this ransomware and other viruses,” he said.

He said ransomware attacks are a new take on viruses, which try to extort money directly instead of trying to obtain passwords or identity-stealing information.

“It encrypts all of your files that it can find on your computer and then says deposit money into Bitcoin and we’ll give you the key,” Brown said.

Brown said he hasn’t heard of any successes through WannaCry.

Brown said hospitals in the United States are not being affected like those in other countries due to the Health Insurance Portability and Accountability Act, HIPAA, of 1996 and the American Recovery and Reinvestment Act, ARRA, of 2009. He said HIPAA put in place regulations to control and secure health information and ARRA provided funding to take care of HIPAA.

Brown said hospitals across the country have been investing in systems to protect medical records. He said in addition, in order to keep ARRA funding, hospitals need to do annual risk assessments on their systems.

“I think those two things that have become common practice for hospitals and providers has really resulted in a positive effect for our country and blocked this from occurring,” Brown said.

Brown said hospitals use things such as standard firewalls, scanners for emails and Internet scanners that block certain websites.

Brown said hospital IT personnel also do things such as paying attention to system updates. He said a recent one involved Microsoft XP.

He said the hospital was given a date when Microsoft would no longer be making security updates to the XP system, so the hospital knew it needed to update its systems. He said any medical device that can’t be updated is completely isolated from the Internet.

“We protect our systems by keeping them up to date,” Brown said. “We have invested in systems that automatically load security updates on all of our machines in our organization.”

Brown said the fix for this problem was released on March 14, almost two months before the issue hit the news, through an automated update.

“Just our regular processes protected us,” Brown said.

Brown said hospitals and medical centers can be targets since they have data and information that hackers want. He said the public hears about places like retail establishments that are locking down their systems and go looking for a soft target.

“Maybe we have a reputation of not being technically savvy, but I don’t think that is true,” Brown said.

Brown said NLH has very good and knowledgeable staff in its IT department who keep up to date on the latest developments and security measures.

The hospital also trains its staff from the start on email security during orientation. Staff are also trained in HIPAA regulations.

“The newest virus that there is no fix for can still get you, the most common way now is through opening an email,” Brown said.

He showed one example recently sent to employees. It carried an official-looking USAA bank logo and stated the recipient needed to log in with their banking information.

“Those scare me the most, that someone is going to click on the link,” Brown said. “That’s not a virus probably, but it entices you to click.”

Public relations coordinator at NLH Carla Kolbe said staff gets updates from IT officials about such emails that are going around.

Brown said the hospital has had successful lockdowns in the past.

“I know that we are capable of detecting these things within 10 or 15 minutes and shutting down the source and cleaning, and really staff. They react quickly when these things can and do happen,” Brown said. “We are able to contain and remove them from our system.”

Brown said there is a good employee pool in Fulton County. He said having staff right on hand is helpful as well, allowing for quick response to issues.

“It’s imperative to protect us from these kinds of things, having highly educated qualified staff,” Brown said.

Brown said in a hospital protecting privacy and information is important, but at the same time, immediate access to patient information is needed for treatment by doctors and nurses. He said this fine line makes hospitals different from other places such as retail establishments.

“Everyone needs to be aware of what is protected information. When requests come in when to say no,” Brown said. “It’s a constant balance that hospital staff and IT workers need to be aware of.”

He said in addition, hospitals can’t shut down their entire system to make updates or repairs, since they are needed 24 hours a day.

“We put the users at number one,” Brown said.

Kerry Minor can be reached at [email protected]

By Patricia Older
