The effects of last week’s ransomware cyber attack on Windows users are still hitting healthcare organizations worldwide. HHS and OCR continue to share information about this attack and remind everyone to be very wary when opening email:

Only open up emails from people you know and that you are expecting. The attacker can impersonate the sender, or the computer belonging to someone you know may be infected without his or her knowledge.

Don’t click on links in emails if you weren’t expecting them – the attacker could camouflage a malicious link to make it look like it is for your bank, for example.

Keep your computer and antivirus up to date – this adds another layer of defense that could stop the malware. 

HHS | OCR Tip: Disable RDP if possible.

Hackers are using open RDP (Remote Desktop Protocol) servers on the internet to find a way into systems, either by guessing passwords or locating security gaps that let them in. If you must use RDP, use an access control list or firewalls to ensure you’re limiting access.
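One way to act on this tip on a Windows host, as an added example that is not part of the original post: the script reports whether RDP is enabled and which Remote Desktop firewall rules accept connections from any address, then optionally limits or disables it. The allowed range `192.0.2.0/24` is a constructed placeholder, and the `Remote Desktop` rule group name assumes an English-language Windows install.

```powershell
#Requires -RunAsAdministrator
# Added example: audit RDP exposure on the local host and optionally lock it down.
# $AllowedSources is a constructed placeholder; replace it with your management network.
param(
    [string[]]$AllowedSources = @('192.0.2.0/24'),
    [switch]$Restrict,   # limit the Remote Desktop firewall rules to $AllowedSources
    [switch]$Disable     # turn RDP off entirely
)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means the host accepts RDP connections.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Enabled inbound rules in the built-in "Remote Desktop" group (name assumes English Windows).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

# For each rule, record which remote addresses it lets in.
$report = foreach ($rule in $rules) {
    $addr = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $addr -join ','
        OpenToAny     = $addr -contains 'Any'
    }
}

"RDP enabled: $rdpEnabled"
$report | Format-Table -AutoSize

if ($Disable) {
    # The tip's first choice: no RDP listener and no firewall opening for it.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    'RDP disabled and its firewall rules turned off.'
}
elseif ($Restrict -and $rdpEnabled) {
    # The fallback: keep RDP but accept it only from the listed sources.
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedSources
    "Remote Desktop rules now accept connections only from: $($AllowedSources -join ', ')"
}
elseif ($rdpEnabled -and ($report | Where-Object OpenToAny)) {
    Write-Warning 'RDP is enabled and reachable from any address. Re-run with -Restrict or -Disable.'
}
```

Run without switches, the script only reports; the host firewall check does not cover exposure created by a perimeter firewall or router port forward, which needs to be reviewed separately.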

Also, check your version of Windows. If you’re not sure what you’re using, go to Microsoft to find out. Be sure you have the very latest security updates installed, too. 

If you believe your organization is the victim of a cyber attack, report it to your local FBI field office. You can also file an Internet Crime Complaint with the agency.

By Chris Apgar, CISSP

Apgar and Associates, LLC helps you on your compliance journey, including training workforce, conducting a security risk analysis, and creating risk mitigation and risk management plans.