Phished, Hacked, Held for Ransom

Maybe I’m naïve.  But I did hear Thomas Friedman state, “Naivety is the new reality” in his keynote address last month at the American Telemedicine Association annual meeting in Orlando, Florida.  So naïve to believe the best in people and to be amazed when I see their intellectual talents trying to defraud, rather than to be used for good.

As this blog goes to press, Ransomware has become headline news due to recent attacks.  Over the course of less than 30 days, even my small business has become a target.

First an email which came in the name and headline from my largest client.  I was owed a payment and they were asking for confirmation of my account information.  The “tone” of the email was somewhat suspicious, as I had previously received hundreds of emails from the same person.  I supplied my account information.  When the next email asked me to transfer funds to them, I knew something was wrong.  A phone call confirmed my fear and I immediately closed my bank account.  Fortunately, no major harm done.

Next came this email with a Virus warning.

DO NOT CALL THIS NUMBER!  They will offer to fix a computer virus, help a family member with a drug problem, relieve you of major issues with the IRS, just give them a credit card number…….  Who are these people?

Next while visiting a website for what I thought was a new Urgent Care center, I received a pornographic image with an audio warning, Do Not Shut Off Your Computer!  I shut off the computer, disconnected from the network, rebooted and hoped for the best.  Again, I was lucky, the ransom threat has not reappeared.

We’ve all heard the warnings, but I engaged some industry experts for additional advice.

Why Healthcare?

I spoke to William Mee, President of https://www.securehim.com/,  a firm dedicated to changing the security culture of healthcare through implementing health IT security training, education, assessments, and security consulting.  Here is some information from a Ransomware Module they are creating.

Healthcare practices are the perfect mark for Ransomware. Physicians and healthcare providers rely on up-to-date information. Providers often respond immediately by shutting down large portions of its network. Staff typically cannot access email or a database of patient records.

Without quick access to accounting and other information, patient care can get delayed. A practice manager is more likely to pay a ransom rather than risk delays that could result in lawsuits.

Providers typically do train their employees on security awareness. Their primary concern is HIPAA compliance and ensuring that employees meet the federal requirements for protecting patient privacy.

Hayley Dezendorf, Chief Compliance Officer for Teleradiology Specialists offered this advice:

Mailing lists make great marketing tools….

We’re growing, we’re building our Client base, we need Rads to read more studies… that makes it so tempting to click on the email that comes in offering access to the database of thousands of Urgent Care Centers looking for a teleradiology provider, or Radiologists looking for teleradiology work…. Don’t Do It!  Don’t get caught in a phishing net!

Advice?

Even though your computer is behind a locked door it can be hacked while you are on the Internet. Here are some tips to protect yourself, courtesy of Byron Hurlock of Computer Blue Technologies.

  1. Make sure your Microsoft Windows updates are running and up to date – type in Windows update at your search bar next to the start button
  2. Make sure you have a paid anti-virus on your computer. Examples include McAfee, Norton Internet Security, or Kaspersky. Free ones are OK but paid ones are always updating their definitions 24/7 – 365. If you are on Windows 10 turn on Windows Defender, it’s free and effective.
  3. Add a secondary Malware scanner – the reason for this is there are companies whose only business is protecting against malware. Malwarebytes is a secondary scanner that protects against zero-day attacks
  4. Be careful what you click on. This malware was distributed by phishing emails. You should only click on emails that you are sure came from a trusted source
  5. Be sure to back up all your computing devices. Regularly backing up your devices helps you recover your information should your computer become infected with ransomware

 

Taking the above precautions will keep your machine better protected while you work in cyberspace. Not sure what to do, reach out to info@computerbluetech.com or visit their website www.computerbluetech.com

And now to “John Becker” who called my 89-year-old mother this week congratulating her sweepstakes victory if only she will share her bank account number so they can make an account transfer.  There is no lower form of life than someone who is looking to make a living preying on the most vulnerable among us.  Mom is well coached, told Mr. Becker that she is hard of hearing and would he please call her son.  I wish he had.  Even better, I wish I had the opportunity to speak with his mother.

So, in the immortal words of Sergeant Phil Esterhaus of Hill Street Blues:

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *