A health center malware infection has potentially resulted in 2,500 patients’ protected health information (PHI) being sent to unknown individuals over a period of almost a year. Lane Community College health clinic in Eugene, OR, discovered the malware during routine maintenance last month.
Further investigation determined that the malware had been installed on the computer in March 2016. The malware remained active until last month when it was discovered and removed. The malware was identified as Backdoor:Win32/Vawtrak – a Trojan backdoor that enables attackers to steal login information and take full control of an infected PC.
While data access was possible, Lane Community College health clinic uncovered no evidence to suggest patient data had been stolen, although the possibility that PHI was accessed and stolen could not be ruled out. A spokesperson for the clinic said an analysis of 20 other computers used by the clinic uncovered no further malware infections. In this case, the infection was limited as the computer was not connected to other computers on the network.
The only data exposed were those stored on the machine itself. The information potentially exposed included patients’ names, addresses, phone numbers, dates of birth and medical diagnoses.
A health center malware infection can prove costly to resolve. In this case, the infection was limited to one machine, although once access has been gained and malware installed, hackers can often move laterally within a network and spread infections to other machines. Once data have been exfiltrated and there is no further need for access, hackers commonly install ransomware to extort money from their victims.
The exposure or theft of patient data can often lead to lawsuits from patients. While many of those lawsuits ultimately fail, defending a lawsuit can be costly. Healthcare data breaches that result in more than 500 records being exposed are also investigated by the Department of Health and Human Services’ Office for Civil Rights to determine whether the breaches were caused as a result of HIPAA violations. Should HIPAA Rules be found to have been breached, covered entities may have to cover heavy fines.
Health center malware attacks are commonplace due to the value of healthcare data on the black market. Healthcare providers should therefore implement a range of defenses to protect against malware infections.
Malware is commonly inadvertently installed by end users via spam email or redirects to malicious websites. Both of these attack vectors can be blocked with low cost solutions. Backdoor:Win32/Vawtrak – also known as Trojan-PSW.Win32.Tepfer.uipc – is recognized by Kaspersky Lab – one of the dual AV engines used by the SpamTitan spam filtering solution. SpamTitan blocks 100% of known malware and blocks 99.97% of spam emails to keep end users and computers protected.
To protect against Web-borne attacks and to prevent malicious software downloads, WebTitan can be deployed. Web-Titan is a powerful DNS-based web filtering solution that can be used to block a wide range of web-borne threats to keep healthcare networks malware free.
Both solutions are available on a free 30-day trial to allow healthcare providers to experience the benefits first hand before committing to a purchase.
To find out more about TitanHQ’s cybersecurity solutions for healthcare organizations or to sign up for a free trial, give the sales team a call today.