PLEASE FORWARD THIS COMMUNICATION TO YOUR IT
Ransomware is malware that runs on a user's workstation and systematically encrypts documents and backup files on every drive that user can write to, local disks and mapped network drives alike, then demands a ransom payment in exchange for the key needed to decrypt the files.
Microsoft has disclosed a new vulnerability that could fuel another ransomware outbreak on the scale of WannaCry in 2017. It considers the flaw serious enough that it has issued patches for operating systems it no longer supports, which it rarely does, and is urging everyone to install them quickly to protect your practice from another WannaCry-like attack. The release of these patches shows that Microsoft recognises how many unsupported systems remain in use in settings such as healthcare; it does not mean those systems will receive fixes for future vulnerabilities, so this is also the moment to plan their replacement. The vulnerability is pre-authentication and requires no user interaction: an attacker who can reach a vulnerable system over the network can execute code on it without a valid account, and could then install programs; view, change, or delete data; or create new accounts with full user rights. Because nobody has to click anything, malware built on it can spread from machine to machine on its own, which is exactly what made WannaCry so damaging.
We highly recommend that you apply all available critical updates using the Windows Update tool, especially if you are using any of the following operating systems:
- Windows XP
- Windows Server 2003
- Windows 7
- Windows Server 2008
- Windows Server 2008 R2
Note that Windows XP and Windows Server 2003 no longer receive updates through Windows Update; for those systems the update Microsoft published for this vulnerability must be downloaded from the Microsoft Update Catalog and installed by hand.
In addition to applying this patch, and as already communicated after the original WannaCry attack, your IT MUST perform the following steps to protect your practice from a ransomware attack:
#1 NEVER map network drive letters on workstations to your EyeMD EMR Image Server directory or any of its parent directories. Ransomware typically runs on a workstation under the logged-on user's account and encrypts every file that account can write to: it walks all local drives and every mapped network drive. A drive letter pointing at the EyeMD EMR data directory therefore lets ransomware on a single workstation encrypt the PDF and JPG documents linked to every patient record in the EMR. Map individual device folders instead, and be aware that some ransomware also enumerates reachable shares without a drive letter, so restrictive share and NTFS permissions on the IMAGES folder matter as much as the mapping itself.
MISCONFIGURED
- R: mapped to \\SERVER\EyeMD_Data\, a share of D:\EyeMD_Data\ (the whole data directory)
- R: mapped to \\SERVER\IMAGES\, a share of D:\EyeMD_Data\IMAGES\ (the image store itself)
- R: mapped to \\SERVER\D\, a share of D:\ (a parent of the data directory)
PROPERLY CONFIGURED
- R: mapped to \\SERVER\OCT\, a share of D:\EyeMD_Data\DEVICES\OCT\ (only the device's own folder)
- NO drives mapped to \\SERVER\IMAGES\, a share of D:\EyeMD_Data\IMAGES\
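The rule above can be checked on the server rather than workstation by workstation: any SMB share whose path is the data directory, the IMAGES folder, a subfolder of IMAGES, or an ancestor of the data directory is a share that a drive letter must never point at. The following script is an added example written for this advisory, not an EyeMD EMR tool; it assumes the data directory is D:\EyeMD_Data (change $DataRoot otherwise) and that Get-SmbShare is available (Windows Server 2012 or later). The share list at the bottom is constructed from the lists above so the script can be run offline.

```powershell
# Added example: flag SMB shares that expose the EyeMD data directory or the IMAGES store.
# $DataRoot is an assumption; adjust it to the real location on your Image Server.

function Test-ProtectedSharePath {
    param(
        [Parameter(Mandatory)] [string] $SharePath,
        [Parameter(Mandatory)] [string] $DataRoot
    )
    # Normalise both paths: drop trailing backslashes, compare case-insensitively (NTFS).
    $share  = $SharePath.TrimEnd('\').ToLowerInvariant()
    $root   = $DataRoot.TrimEnd('\').ToLowerInvariant()
    $images = "$root\images"

    if ($share -eq $root -or $share -eq $images) { return $true }   # data dir or IMAGES itself
    if ($share.StartsWith("$images\"))            { return $true }   # a subfolder of IMAGES
    if ($root.StartsWith("$share\"))              { return $true }   # an ancestor, e.g. D:\
    return $false                                                    # a sibling such as DEVICES\OCT
}

function Get-MisconfiguredShares {
    param(
        [Parameter(Mandatory)] [object[]] $Shares,      # objects with Name and Path, as Get-SmbShare returns
        [string] $DataRoot = 'D:\EyeMD_Data'            # assumption: EyeMD data directory
    )
    # Administrative shares such as IPC$ have no Path; skip them.
    $Shares | Where-Object { $_.Path -and (Test-ProtectedSharePath -SharePath $_.Path -DataRoot $DataRoot) }
}

# Constructed sample mirroring the advisory's examples. On the real server run:
#   Get-MisconfiguredShares -Shares (Get-SmbShare) | Format-Table Name, Path
$sample = @(
    [pscustomobject]@{ Name = 'EyeMD_Data'; Path = 'D:\EyeMD_Data\' }
    [pscustomobject]@{ Name = 'IMAGES';     Path = 'D:\EyeMD_Data\IMAGES\' }
    [pscustomobject]@{ Name = 'D';          Path = 'D:\' }
    [pscustomobject]@{ Name = 'OCT';        Path = 'D:\EyeMD_Data\DEVICES\OCT\' }
    [pscustomobject]@{ Name = 'ADMIN$';     Path = 'C:\Windows' }
)
# Expected: EyeMD_Data, IMAGES and D are reported; OCT and ADMIN$ are not.
Get-MisconfiguredShares -Shares $sample | Format-Table Name, Path
```

On each workstation, Get-SmbMapping lists the current drive letters and their RemotePath, which can be fed through the same Test-ProtectedSharePath logic once the UNC name is translated back to the server-side folder. Removing a share that the audit flags is the fix; renaming it or hiding it with a trailing $ is not, because ransomware that enumerates shares will still find it.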
#2 Install or update CryptoPrevent on all your workstations and servers, apply the default policies, and check for updates periodically. CryptoPrevent is freeware that configures Windows to block the execution of programs from the locations malware typically drops into, such as temporary and user-profile directories, and applies other hardening settings. Blocking execution by location stops many ransomware variants before they ever run, which makes it one of the most effective preventive controls available: anti-virus and anti-malware products can only recognise variants they already know about, and new variants appear faster than signatures do. Be advised that the same restrictions can break legitimate logon scripts or installers that run from those locations, so have your IT test it before deploying it. https://www.eyemdemr.com/downloads/CryptoPreventSetup.exe
#3 Run Windows Update on all your workstations and servers and install every critical update. A system with the patch installed cannot be exploited through this vulnerability; an unpatched one can, whatever other protections are in place.
#4 Never allow users to browse the internet from a server, and never let a server double as a workstation. On Remote Desktop or Citrix servers, where users necessarily have sessions, keep "Internet Explorer Enhanced Security Configuration" enabled and restrict browsing to an approved list of websites.
#5 Do not leave Remote Desktop on its default TCP port 3389, but understand that moving the port only reduces the noise from automated scanners; anyone who port-scans your address will still find it. The real protection is not to expose Remote Desktop to the public internet at all: require users to connect to a VPN first and allow RDP only from the VPN's address range.
#6 If a Remote Desktop server must remain reachable from the internet, install brute-force protection on it. We recommend RDPGuard, an affordable host-based intrusion prevention system that blocks a source address after repeated failed logons. Also enable Network Level Authentication (NLA) so that a client must authenticate before a session is created, and turn on Windows account lockout so that dictionary attacks stall after a handful of attempts.
#7 Never use weak passwords on any Windows user account, including local administrator and service accounts. Attackers routinely run dictionary attacks with lists of common passwords against exposed RDP servers; one weak account is enough to log in, disable the protections above and install ransomware by hand.
If you have been infected by ransomware and cannot recover your files from a backup or with one of the decryption tools below, be aware that the FBI does not recommend paying the ransom: payment does not guarantee that you will get your files back and it funds further attacks. Whether or not you pay, report the crime to the FBI's Internet Crime Complaint Center (IC3, https://www.ic3.gov).
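Steps #5 to #7 come together on a single Remote Desktop server. The script below is an added example for this advisory, not an EyeMD EMR script; it assumes an elevated PowerShell session on Windows Server 2012 R2 or later (for the NetSecurity cmdlets), that the VPN hands out client addresses from 10.8.0.0/24 (a placeholder, change $VpnSubnet), and that RDP stays on port 3389 because the firewall, not obscurity, decides who may reach it. If you have moved the port, change $RdpPort to match. The last function is a detection check that reads failed-logon events (Event ID 4625) from the Security log and reports source addresses that are hammering the server, which is the same signal RDPGuard acts on.

```powershell
# Added example: lock an RDP server down to the VPN, require NLA, enable account lockout,
# and report brute-force sources from the Security log. Run from the server console or an
# out-of-band session: disabling the built-in RDP rules with the wrong $VpnSubnet locks you out.

$VpnSubnet = '10.8.0.0/24'   # assumption: your VPN client address pool
$RdpPort   = 3389            # assumption: default port; change if you have moved it

# 1. Require Network Level Authentication: the client authenticates before a session exists.
#    (Windows XP clients cannot connect once this is set unless they have been updated.)
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1

# 2. Firewall: disable the built-in "any address" Remote Desktop rules and allow the port
#    only from the VPN range. Step #5 of the advisory in one rule.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP from VPN only' -Direction Inbound -Protocol TCP `
    -LocalPort $RdpPort -RemoteAddress $VpnSubnet -Action Allow -Profile Any | Out-Null

# 3. Account lockout for local accounts: 5 failures within 30 minutes locks the account
#    for 30 minutes. Domain accounts take this from Group Policy instead.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null

# 4. Detection: failed logons (Event ID 4625) grouped by source IP over the last $Hours.
function Get-FailedLogonSources {
    param([int] $Hours = 24, [int] $Threshold = 20)
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The source address and target account live in the event's EventData XML.
            $xml  = [xml] $_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{ Ip = $data['IpAddress']; User = $data['TargetUserName'] }
        } |
        Where-Object { $_.Ip -and $_.Ip -ne '-' } |      # local/console failures carry no IP
        Group-Object Ip |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Users    = ($_.Group.User | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object Failures -Descending
}

Get-FailedLogonSources | Format-Table -AutoSize
```

A source address with hundreds of failures against many different usernames is a dictionary attack, and the usernames it tries tell you which accounts the attacker has already guessed exist. If the report is empty on a server that is still exposed to the internet, check that "Audit Logon" failure auditing is enabled; without it, Event 4625 is never written and neither this script nor any host-based IPS has anything to act on.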
Cisco TALOS TeslaCrypt Decryption Tool
Kaspersky Ransomware Decryptor
If you have questions about ransomware, please direct them to your IT so that our technical support lines stay available for EyeMD EMR issues.
EyeMD EMR Healthcare Systems, Inc.