Privacy & Security

Cass Regional EHR back online after ransomware attack: What you need to know

Hackers got into the Missouri health system’s network by a brute force attack on its remote desktop protocol, the same access used by the notorious SamSam ransomware variant.
By Jessica Davis
July 19, 2018
05:13 PM

Missouri-based Cass Regional Medical Center brought its EHR system back online on Monday, one week after it was hit by a ransomware attack.

Hackers got into the system around 11 a.m. on July 9. Officials promptly shut down its EHR to prevent further damage or access. The health system maintained patient care during the attack but chose to divert trauma and stroke victims to ensure they received the best care.

Cass Regional initiated its prepared incident response just 30 minutes after discovering the attack, which allowed officials to maintain care.

Officials quickly launched an investigation with the help of a third-party vendor, which determined the hackers performed a brute force attack on its remote desktop protocol (RDP) to infect the system with the ransomware. The notice did not mention how much the hackers demanded in ransom.

While officials did not confirm the type of ransomware used, brute force attacks on RDP are used by the notorious SamSam ransomware variant. SamSam was responsible for shutting down Allscripts for about a week in January.

RDP is widely used to give remote access for legitimate business purposes. However, a hacker can use the port to jam ransomware into a network. The trial-and-error method attempts to decode encrypted passwords or other encryption keys using brute force.

[Also: The biggest healthcare data breaches of 2018 (so far)]

While RDP is a legitimate port, a lack of robust security, including unsophisticated logins and passwords, make RDP a vulnerability. In fact, a brute force attack is hard to execute when an organization has multi-factor authentication implemented on its system.

Since the attack, officials said they’ve modified their systems to eliminate the risk.

Other healthcare organizations can shore up RDP vulnerabilities by implementing stronger security controls. That includes adding antivirus on all endpoints, including servers and RDPs, according to CynergisTek Executive Vice President of Strategic Innovation David Finn.

“It needs to be on all of your endpoints,” Finn said. “We sometimes forget about those servers being endpoints.”

Further, organizations can make sure to close ports that don’t need to be opened, and make sure that all public-facing access points are only open to those who need access.

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com

Topics: 
Electronic Health Records (EHR, EMR), Privacy & Security

More regional news

Walmart store

Walmart announces closing of clinics and virtual care

By
Susan Morse
May 01, 2024
Hacker with glasses and hat looking at two screens with data and code

Ransomware was used in 72% of network intrusions last year, says BakerHostetler

By
Andrea Fox
May 01, 2024
Amanda Bury, chief commercial officer at Infermedica

Telemedicine, enabled with responsible AI, can improve the patient experience

By
Bill Siwicki
May 01, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Doctors review practice finances
LLMs are not ready to automate clinical coding, says Mount Sinai study

Most Read

WebMD acquires Healthwise to bolster patient engagement and growth
Zocdoc launches advanced partner program
Suki partners with Amwell on telehealth AI
How the Change Healthcare cyberattack is straining providers, and what the government can do
Memorial Healthcare finds success with switch to Epic-based telehealth vendor
HHS response to cash flow concerns from Change cyberattack inadequate, providers say

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Privacy & Security
Artificial Intelligence
Analytics

Video

Dr. Guido Giunti at Trinity College Dublin_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Novel digital therapeutics for MS empower patients
Kendall Brown at CenTrak_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How HIMSS membership can grow healthcare careers
Ellen Arigorat at NewYork-Presbyterian Hospital Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
HIMSS Changemaker champions Filipino-American health literacy
Sponsored by Minsait
Gustavo Adolfo Torres Becerra at Minsait__Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Healthcare organizations need interoperability to give residents preventative care

More Stories

Health professional at desktop computer
How AI-powered systems can help physician groups improve coding – and earn more
Nurse huddle with tablet
Nurses have a deep distrust of AI – but transparency and training could help
Dr. Jonah Feldman at NYU Langone Health System_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Want to reduce readmissions? Personalize digital discharge guides
Gabriel Garcia-Lopez at the Los Angeles LGBT Center Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
From HIMSS conference attendee to 2024 HIMSS Changemaker
Kaiser building
Kaiser reports 13.4 million people affected by data breach
Stethoscope on tablet
HIMSSCast: The need for home care continues
Change Healthcare booth and sign
MGMA asks OCR: Hold UHG responsible for HIPAA breach notifications
A person in a suit holds graphic healthcare solutions in one hand, and a graphic of people in the other.
Vendor Notebook: Salesforce extends AI to public health services, DrFirst acquires Myndshft