It looks like SamSam is back. Not that it ever really went away. It a report published in Healthcare IT News they talk about how SamSam is back and still pummeling the healthcare industry. Hackers have hit at least eight different targets in the healthcare and government sectors.
What To Do
The Department of Health and Human Services strongly recommends the restricting of access behind the firewalls. Really, that is a “no-brainer”. They are also recommending a two-factor authentication, and limiting the users that have access to your network. As per the HIPAA policies, they would like to see more of the policies enforced, including a good business continuity plan and a good disaster recovery plan.
SamSam is Back
SamSam is back, but again, it never really went away. It has been active since 2016 and at the end of December, 2017, researchers have noticed an uptick in attacks. SamSam is a customized variant whereas others are stock viruses sold on the dark web. With SamSam, hackers scan the internet for open ports 3389 and 3390, which are for remote desktop connections. Once they identify them, they use password crackers and look for weak passwords, or use brute force attacks. Once into your network, they will delete your backups, encrypt for files, and demand an extremely substantial payment. They also don’t give you much time to decide. Every hour you wait to pay, the ransom goes up.
Allscripts was hit by this virus in January and most of their providers could not prescribe medicine. Extremely dangerous. Hancock Health was hit and actually paid the $47K ransom. They felt they didn’t have a choice.
The healthcare industry is still new to hackers, but they have quickly figured out that healthcare entities have something they want. healthcare records are extremely valuable. Especially for drug seekers. They healthcare industry is still behind the banking industry but is quickly catching up. We need to make sure we protect our ePHI, and keep the hackers out!