Ransomware – Don’t Be the Next Victim

It’s the perfect crime. Force someone into giving you their money and then vanish without a trace. Ransomware is on the rise again, but not because the technology behind it is getting better. In fact, FBI crackdowns, patches, and antivirus & antimalware solutions have significantly hampered its proliferation. In the absence of large-scale technological vulnerabilities that can impact millions, “lone wolf” criminals are now targeting smaller organizations at an alarming rate. They analyze their victims’ computer systems looking for vulnerabilities, then plan a targeted attack. Anyone with digital assets and the ability to pay a ransom is at risk. Criminals who used to snatch purses or sell drugs are now turning their attention to digital crimes because they have a better chance of getting away with it. They intentionally demand smaller payouts to avoid prosecution and media attention. Local authorities are powerless to stop it, as perpetrators often digitally cross state/country lines, and the FBI is overrun with complaints that will likely never be assigned to an agent.

The good news is that most attacks are executed by criminals with little to no hacking skills. Following these basic security precautions can and will protect you from these types of attacks. We urge you to ensure that your IT has performed the following steps (in order of priority):

#1 Remote Desktop servers should never expose the default TCP port of 3389 to the public internet. The best way to protect your RDP server is to not expose any RDP ports to the public internet at all; use a VPN instead. If you must expose RDP ports to the public internet, make sure you install a product like RDPGuard.

#2 Never use weak passwords on any Windows User Account. Many attackers use brute force attacks with common password dictionaries to gain entry and remotely encrypt files.

#3 Train every employee to never provide remote support access to an unsolicited caller. Many attackers will call your practice pretending to be your PM/EHR vendor and will guide unsuspecting employees into giving them access!

#4 Perform a Windows Update on all your workstations and servers. Many ransomware outbreaks take advantage of known vulnerabilities in Windows that have already been patched by Microsoft.

#5 Never allow users to browse the internet on a server. Servers should be inaccessible to users. Remote Desktop servers should have “Internet Explorer Enhanced Security Configuration” enabled and should be restricted to only allow approved websites.

#6 AVOID assigning drive letters to your backup drives. “Hackers” look for backup drives and will encrypt your backup files along with your EHR files if they find them.

#7 NEVER map network drive letters on workstations to your EyeMD EMR Image Server directory (or parent directories). Automated Ransomware software typically only infects workstations. It scans all of your workstation’s drives looking for documents to encrypt. Mapping Network Drives to your EyeMD EMR Image Server Directory allows ransomware to encrypt documents (PDF & JPG) linked to the EMR system.
MISCONFIGURED
R: Drive Mapped to \\SERVER\EyeMD_Data\ a shared folder of D:\EyeMD_Data\
R: Drive Mapped to \\SERVER\IMAGES\ a shared folder of D:\EyeMD_Data\IMAGES\
R: Drive Mapped to \\SERVER\D\ a shared folder of D:\

PROPERLY CONFIGURED
R: Drive Mapped to \\SERVER\OCT\ a shared folder of D:\EyeMD_Data\DEVICES\OCT\
NO drives mapped to \\SERVER\IMAGES\ a shared folder of D:\EyeMD_Data\IMAGES\
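
One way to audit item #7 from the server side, as an added example that is not EyeMD EMR's own tooling: it classifies each SMB share by whether a drive letter mapped to it would reach the image directory. The function name Get-ShareExposure is hypothetical, the image path and share list are constructed from the example layout above, and flagging shares that sit inside the image directory goes one step beyond the rule as stated.

```powershell
# Added example (not vendor code). $ImageDir is the example path used on this
# page; change it to the real EyeMD EMR image directory on your server.
$ImageDir = 'D:\EyeMD_Data\IMAGES'

function Get-ShareExposure {
    param(
        [Parameter(Mandatory)] [string] $SharePath,
        [Parameter(Mandatory)] [string] $ImageDir
    )
    # Normalise both paths to exactly one trailing backslash so that
    # D:\EyeMD_Data does not falsely match D:\EyeMD_Data2, and D:\ compares cleanly.
    $share = $SharePath.TrimEnd('\') + '\'
    $image = $ImageDir.TrimEnd('\') + '\'
    $ci = [System.StringComparison]::OrdinalIgnoreCase

    # Share is the image directory itself or one of its parents (the rule in #7).
    if ($image.StartsWith($share, $ci)) { return 'UNSAFE: is or contains the image directory' }
    # Share is a subfolder of the image directory (added check, beyond the rule in #7).
    if ($share.StartsWith($image, $ci)) { return 'UNSAFE: inside the image directory' }
    return 'OK'
}

# Constructed sample input: the four shares from the example above.
$shares = @(
    [pscustomobject]@{ Name = 'EyeMD_Data'; Path = 'D:\EyeMD_Data\' }
    [pscustomobject]@{ Name = 'IMAGES';     Path = 'D:\EyeMD_Data\IMAGES\' }
    [pscustomobject]@{ Name = 'D';          Path = 'D:\' }
    [pscustomobject]@{ Name = 'OCT';        Path = 'D:\EyeMD_Data\DEVICES\OCT\' }
)
# On a real file server, replace the constructed list with the live one:
#   $shares = Get-SmbShare | Where-Object { $_.Path } | Select-Object Name, Path

$shares | ForEach-Object {
    [pscustomobject]@{
        Share   = $_.Name
        Path    = $_.Path
        Verdict = Get-ShareExposure -SharePath $_.Path -ImageDir $ImageDir
    }
} | Format-Table -AutoSize
```

With the sample list, only the OCT share is reported as OK. Any share reported UNSAFE should not have a drive letter mapped to it on a workstation.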

#8 IN ADDITION to backing up your data to a local drive (for fast recovery), make sure you are also backing up your data offsite. We recommend Amazon Glacier, however, there are many other reputable cloud backup vendors to choose from.

#9 Install/Update CryptoPrevent on all your workstations and servers, apply the default policies, and periodically check for updates. CryptoPrevent is freeware that automatically configures your operating system to block rogue applications by preventing the execution of programs in temporary directories and by using other effective techniques. It is by far the most effective way to prevent the destruction caused by Ransomware. Anti-Virus & Anti-Malware software programs can only protect you from known variants, and by the time a variant is known, new variants emerge. Be advised that this tool may adversely affect logon scripts, so please consult your IT before installing this application. https://www.eyemdemr.com/downloads/CryptoPreventSetup.exe

If you have been infected by Ransomware, DO NOT FORMAT/WIPE YOUR SERVER UNTIL YOU HAVE SAVED AN IMAGE OF IT! Please contact us before taking any action on your system. If you cannot recover your files from a backup or using any of the tools below, the FBI considers paying the ransom to be an option that your business should consider. Although a decryption key is usually provided after paying the ransom, there have been cases where a ransom was paid and no key was provided in return. You should also report the crime to the Internet Crime Complaint Center.
Cisco TALOS TeslaCrypt Decryption Tool
Kaspersky Ransomware Decryptor

If you have any questions regarding Ransomware, please help us keep our technical support lines available for EyeMD EMR related issues by directing these questions to your IT.
