How Unsecured WordPress Infected a Clinic with Ransomware

Gil Vidals
Nov 3, 2021

by Stephen Trout

Just as the world has witnessed novel variants of the COVID-19 virus (and may continue to), new variants of ransomware have continued to appear since the first documented case in 1989.

And while the loss of life, thankfully, does not rival that of the pandemic, ransomware has resulted in poorer health outcomes for scores of patients.

For example, summary findings from a recent Ponemon Study revealed:

“Along with an increase in mortality, the survey of roughly 600 providers also found ransomware resulted in more complications from medical procedures, delays in procedures and tests resulting in poor outcomes, an increase in patients being transferred or diverted to other facilities, and longer patient lengths of stay.”

Financial losses are also steep — to the tune of more than $20 billion in 2020 for healthcare organizations, as noted in another study by Comparitech.

That’s the big picture.

Examining a specific, real-world case of ransomware can also help illustrate how easily healthcare clinics are impacted. Of note, we also see how a WordPress site, if unsecured, is the perfect vehicle for the attack.

The following ransomware attack — directed against the Kelsey-Seybold Clinic of Houston back in 2015 — is here described by Martin Littmann, their Chief Information Security Officer:

“Two employees working in the same department visited a daycare site to look at their services during lunchtime. That site was built on WordPress and was not kept current. The malware they received as a drive-by download was a zero-day variant of Crypto Locker.”

At the moment the malware was detected, Littmann notes, users at the clinic were finding network file shares that could not be accessed.

The result?

Littmann’s team discovered “hundreds of thousands of encrypted files across two department shares,” along with an infected physical PC and virtual desktop.

Mitigation

Fortunately for Kelsey-Seybold and their patients, mitigation and containment efforts were fruitful — but only because cyber resources and expertise were readily available.

Littmann’s security team achieved a clean image of the virtual desktop through a reboot, and the physical machine was removed from the network and re-imaged. Affected files were also restored from snapshot backups to allow users to continue their business processes.

So what was learned through the attack? At least 3 lessons, Littmann says:

Obviously not every healthcare organization has fared as well. Smaller clinics in particular (see Wood Ranch Medical) are especially at risk, since they typically lack the security resources and budget of larger organizations. Make no mistake, everyone is a target.

What, then, are some actionable items that you can use to help protect your practice?

1. Kelsey-Seybold realized the need for improved user education, including regular phishing testing, to help their staff be vigilant in the face of ransomware and other attacks.

2. Data backups were essential to get Kelsey-Seybold up and running in a short time. Rapid restore and hosting that includes a second, geographically removed data center are also invaluable for recovering from ransomware or other malicious attacks.

A managed security service provider like HIPAA Vault can provide these important services, as well as finely tuned SIEM capabilities for improved network security, wrapped in one affordable monthly price. You’ll help protect your patients and preserve business continuity while freeing your staff to focus on direct patient care.

3. It’s almost a given: your WordPress site will get infected — and possibly infect other sites — if not secured. If the daycare in question had insisted upon maintaining an up-to-date WordPress site, they likely wouldn’t have been the vehicle for the spread of ransomware.

Again, here is where HIPAA Vault can help! Our affordable HIPAA WordPress is designed for healthcare providers of all sizes. We manage all updates, plugins, and patching to keep your site running securely, optimized, and able to resist the latest attacks.

To be sure, every organization and individual that handles PHI must be vigilant. As we partner with you, be assured that strategic measures for fighting ransomware are included in all HIPAA Vault compliant hosting plans. Fully managed anti-malware solutions, an Intrusion Detection System (IDS), advanced spam filtering, regular offsite system backups, password management policies, and multi-factor authentication come standard.

Fighting ransomware is now a necessity for healthcare organizations. Prioritizing data security and finding the right HIPAA Compliant hosting provider who is on the job 24/7 is key.

HIPAA Vault is a low-cost leader of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities.

If you have any questions on HIPAA data security or any of the services we provide, please contact us! 760–290–3460.

Originally published at https://www.hipaavault.com on November 3, 2021.
