Global Ransomware Attack Targets Hospitals, Telecom Companies; Partners Push Education As Preventative Medicine
A massive ransomware campaign that has crippled a number of health care systems and telecom companies globally shows how important it is for the channel to educate customers about security risks and protocols, partners told CRN.
At least 25 health care organizations in the U.K., including hospitals and clinician services, have been affected by the attack, while other hospitals and telecom companies in 74 other countries reported being attacked, according to the BBC.
Michael Goldstein, president and CEO of LAN Infotech, a Fort Lauderdale, Fla. Solution solution provider, said he has heard of concerns from health care customers who are haunted by the fact that a ransomware attack could cut off their access to patient data and force clinics to turn away patients.
Golstein said that the channel plays a vital part in educating customers, and hopes to help his own client base with a "two prong approach."
"This is one of the crazier things I've seen," he said. "In the next 30 days, we hope to help our own clients in two ways. First, we want to provide a different product set for them that serves as a middle layer between the antivirus and anti-malware, such as a product from Cylance or Sophos. Second, we want to roll out an educational program to go back to customers as part of our existing managed services plan and give them cyber awareness training. "
According to Britain's National Health Service, the malware variant affecting healthcare organizations in the U.K. is called Wanna Decryptor, which infects and locks computers as the attackers demand a ransom. The attacks have left hospitals in the U.K. in crisis mode, with some even diverting emergency care patients away to other hospitals, according to Reuters.
"At this stage, we do not have any evidence that patient data has been accessed," the NHS said in a statement. "We will continue to work with affected organizations to confirm this … [this] was not specifically targeted at the NHS and is affecting organizations from across a range of sectors."
This malware exploits a vulnerability on Microsoft's older Windows operating systems, including Windows XP. The malware was first discovered and developed by the National Security Agency, before a group called The Shadow Brokers claimed that they stole and released the hacking tools.
Microsoft patched the vulnerability in March, but several organizations – including hospitals – had yet to update their systems, making them vulnerable targets.
"A lot of businesses don't patch regularly or don't change their default passwords … I think it's our job at a high level to make our customers aware of the risks, and how to negate it and set the right protocols up. You'll never be completely un-vulnerable," said Ari Harrison, services delivery manager at Silicon East, a managed IT services provider located in Manalapan, N.J.
Goldstein said that the majority of his health care clients had taken upgrades seriously. However, several other health care organizations do not upgrade from Windows XP or Windows 2003 because as part of the process they need to re-write specific line of business applications.
However, to prevent similar incidents from occurring again, educating Windows clients about the potential security risks – and financial fallout – of not upgrading is essential, he said.
"We need to add in the education piece because things are getting out of control… we're all thinking of these security risks, but we have to execute," he said.
In addition to hospitals, telecom vendors like Telefonica in Spain were hit by the attack; as well as several gas and electrical utility plants – including Iberdrola and Gas Natural.