HOW TO PROTECT AGAINST RANSOMWARE ATTACKS 24 MAY, 2017 Visit us at www.ehr20.com [email protected] 866-276 8309 © 2017 EHR 2.0. All rights reserved. To purchase reprints of this document, please email [email protected]. Disclaimer This session has been provided for educational and informational purposes only and is not intended and should not be construed to constitute legal advice. Please consult your attorneys in connection with any fact-specific situation under federal law and the applicable state or local laws that may impose additional obligations on you and your company. © 2017 EHR 2.0. All rights reserved. To purchase reprints of this document, please email [email protected]. Who we are … EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education(Training, Webinar & E-Learning) Consulting Services Toolkit(Tools, Best Practices & Checklist) © 2017 EHR 2.0. All rights reserved. To purchase reprints of this document, please email [email protected]. About Craig Petronella • Top cybersecurity expert and IT authority in Raleigh, NC. • Author of multiple books, including How HIPAA Can Crush Your Medical Practice and Peace of Mind Computer Support. • 30+ years advising clients & protecting computer information. • Makes sure your business network works when you need it the most, and is a celebrity in his field and hometown. • Frequently quoted on ABC, CBS, NBC, News14, PRNews Wire, and Newsobserver.com for his expertise in protecting local businesses and medical practice owners from hackers halfway around the world in places such as Ukraine, Russia, and China. • Petronella Technology Group, Inc. is the creator of the only unique and proprietary, multi-layered security that guarantees 100% safety from zero-hour hackers. 100% hacker-proof security or we pay you $1,000. Guaranteed. WannaCry Update Consequences • Worldwide Cyberattack (300k+ orgs.) • Majority impact is on windows platform (Obsolete versions) • Ransom as bitcoin wallets ($90k collected) • Restoring from backup copies is the quickest workaround • Install software updates ASAP What is Cybersecurity? Like all things digital, both sides of C yber security is critical in today’s cybersecurity are in a constant state of economy. As the Digital Age consumes innovation. A constant struggle. The bad most of today’s transactions, more data guys want in, and we want them out. becomes vulnerable. Cybersecurity involves both physical And while protection is most commonly protection as well as digital. One can just as viewed as keeping private data secure, easily hack into a network as they can walk cybersecurity also ensures that networks and the data they contain are fully out the front door with a hard drive if there are operational and available. inadequate protections in place. The end game for cybersecurity is to protect your data over the course of a transaction and while stored. Why Should I Care About Cybersecurity? Consequences As part of the SMB community, you face other consequences in failing to protect personal information and your computer They include: • Loss of access to the computing network • Loss of confidentiality, integrity, and/or availability of information, research and/or personal electronic data • Lawsuits, loss of public trust and/or business opportunities, prosecution, internal disciplinary action, or termination of employment Cyber-Safety Threats Threats malware virus spyware Let’s discuss common cyber threats and problems they cause. ransomware hackers identity thieves The Digital War has Begun The global battle to steal your secrets is turning hackers into arms dealers July, 2014 Did You Know Your Smartphone Stores Every Keystroke You’ve Ever Typed? There's an application that can record every Hackers are Targeting: keystroke you've ever typed on your smartphone, even an iPhone. It's not a sinister Trojan, or an • Banking Industry – Large Dollar Transactions evil keylogger. It's simply the database that the phone draws on to supply AutoComplete results. • Retailers – Large Quantities of Credit Cards You can't dig in and see the keystrokes yourself, but external software (malicious apps) can read • Corporations – Intellectual Property back that database and thus read out every text or email you've sent and, more important, every • Consumers – Identity Theft password you've typed. • Government – Secrets & Espionage • HealthCare – Personal Health Information • Entertainment Industry – Cyber Revenge Rubenking, Neil J. "RSA: Your SmartPhone Stores Every Keystroke You Ever Typed" securitywatch.pcmag.com. February 26, 2013, http://securitywatch.pcmag.com/security- software/308519-rsa-your-smartphone-stores-every-keystroke-you-ever-typed Recent Notable Breaches The Target Breach The forensics report revealed that Target was breached because a hacker sent an infected email to Targets third-party HVAC vendor. The infected email contained a keylogger which stole the vendor’s login credentials. JP Morgan Chase Breach: People familiar with the investigation said the evidence gathered so far revealed that hackers were able to make a significant foray into J.P. Morgan's computer FBI probes hacking incident at system. People with knowledge of the probe said it appeared between two and five U.S. financial J.P. Morgan; attack appears to institutions may have been affected. The names of all have been caused by targeted banks couldn't be immediately determined. Malicious computer code. J.P. Morgan and federal cyber investigators are in discussions as they examine the apparent attack on the bank's computer system, forensics revealed that Malware was the cause. "Companies of our size unfortunately experience cyberattacks nearly every day," said Trish Wexler, a J.P. Morgan spokeswoman said Wednesday. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels." Home Depot Breach: Forensics revealed that keylogging malware was found on employee computer systems. Community Health Systems The APT Group used highly sophisticated malware to attack the company’s computer systems. Breach Commonalities Malware (keyloggers) were used to steal credentials and remotely login or exfiltrate data. Regulator Fines are Increasing: HHS deals out largest-ever $4.8M HIPAA violation settlement. Parkview Health, OCR agree to $800K data breach settlement. HHS fines Skagit, Washington $215K in first county HIPAA settlement. Highly Motivated Hackers Credit cards go for $.50 cents - $1.00 PHI records go for $20.00 to $1500.00 DHS Warning At the time of discovery and analysis, the malware variant “Backoff” had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious. July 31, 2014 Our Computers are Under Attack In the last 12 months, over 600 million viruses were introduced on the Internet. The best anti-virus software has about 20 million known virus definitions built into its database. 1.1 million viruses are added per day. It takes an anti-virus company an average of 28-30 days before they can address a known virus it finds. Explosive Admission! On May 7th, 2014, Symantec's senior vice president for information security, Brian Dye, told the Wall Street Journal that “anti-virus is dead". He is leading Symantec towards a new approach that focuses on spotting hackers within a system and minimizing damage from them instead of trying to keep them out. "We don't think of antivirus as a moneymaker in any way," he told the Journal. 30,000 Web Sites Hacked A Day. How Do You Host Yours? The majority of these 30,000 sites are legitimate small businesses that are unwittingly distributing malicious code for the cyber criminals. YOU might be one of them. The hosting provider you choose is much like the neighborhood you choose to live in. A bad neighborhood breeds criminal activity. The homes that don’t have a security system, or just have stickers to deter criminals are at risk of being a Mark. The idea is the have as much security layers in place as possible, so cyber criminals move on to an easier target. Use as many security layers as possible. We utilize over 100 layers of security, where most of our competition use only a handful. Think of layers as a gated community, armed guards with machine guns, vicious guard dogs, several snipers on the roof, a SWAT team guarding your property with Rambo as your general. Lyne, James. "30,000 Web Sites Hacked A Day. How Do You Host Yours?" forbes.com. September 6, 2013, http://www.forbes.com/sites/jameslyne/2013/09/06/30000-web-sites-hacked- a-day-how-do-you-host-yours/#6bb6893b3a8c More than 70% of WordPress installations are vulnerable to hacker attacks 70% of Wordpress installations are vulnerable to hacker attacks. That’s just the vanilla installations! Every plugin & theme that’s installed is also a potential opportunity for a security breach. YOUR website might be one of them. Abela, Robert. "Statistics Show Why WordPress is a Popular Hacker Target" wpwhitesecurity.com. December 6, 2014, https://www.wpwhitesecurity.com/wordpress-security- news-updates/statistics-70-percent-wordpress-installations-vulnerable/ You NEED Secure Website Hosting & Backup Minimum Requirements: • 57 Layers of Security Protection with weekly scans. • Block IP addresses of repeated failed login attempts. • Block certain countries you don’t do business with. • Automatic website backups stored for at least 3 weeks. • One-click restore capabilities • Website monitoring with heartbeat check at least every 15 mins. • Auto notification via text and/or email for website status. • SSL certificate If you have an e-commerce website or want to increase conversions and security, consider adding a trust seal to your website. Daily, weekly or quarterly vulnerability scan options are available and ensure PCI compliance. More info on secure website hosting can be found at http://petronellahosting.com/ You NEED Backup and Disaster Recovery • You need a backup system that can capture everything—systems, applications, configuration settings, services, data—so you don’t risk losing irreplaceable data, custom applications, or your operating system.