ALERT: Microsoft Releases Critical Security Patch – Update NOW!

PLEASE FORWARD THIS COMMUNICATION TO YOUR IT

Ransomware is a type of virus that executes on a user’s workstation and systematically encrypts all documents & backup files on all disk drives on the workstation, then demands a ransom payment in order to unencrypt the files.

Microsoft has identified a new vulnerability that may trigger another Ransomware outbreak similar to the WannaCry outbreak back in 2017. They have released a patch to legacy operating systems they claim to no longer support after discovering this critical vulnerability. Microsoft is warning users to patch their systems quickly to protect your practice from another WannaCry-like ransomware attack. The release of this patch suggests that Microsoft is still willing to address critical security vulnerabilities on legacy operating systems despite being in an “unsupported state” as they understand that many of these systems are still in use in settings such as healthcare. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploits this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

We highly recommend that you apply all available critical updates using the Windows Update tool, especially if you are using any of the following Operating Systems:

  • Windows 2003
  • Windows XP
  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008

In addition to applying this patch (as communicated in response to the previous WannaCry ransomware attack), in order to protect your practice from a Ransomware attack, your IT MUST perform the following steps:

#1 NEVER map network drive letters on workstations to your EyeMD EMR Image Server directory (or parent directories). Ransomware typically only infects workstations. It scans all of your workstation’s drives looking for documents to encrypt. Mapping Network Drives to your EyeMD EMR Image Server Directory allows ransomware to encrypt documents (PDF & JPG) linked to the EMR system.

MALCONFIGURED

  • R: Drive Mapped to \\SERVER\EyeMD_Data\ a shared folder of D:\EyeMD_Data\
  • R: Drive Mapped to \\SERVER\IMAGES\ a shared folder of D:\EyeMD_Data\IMAGES\
  • R: Drive Mapped to \\SERVER\D\ a shared folder of D:\

PROPERLY CONFIGURED

  • R: Drive Mapped to \\SERVER\OCT\ a shared folder of D:\EyeMD_Data\DEVICES\OCT\
  • NO drives mapped to \\SERVER\IMAGES\ a shared folder of D:\EyeMD_Data\IMAGES\

#2 Install/Update CryptoPrevent on all your workstations and servers, apply the default policies, and periodically check for updates. CryptoPrevent is a freeware software that automatically configures your operating system to block the execution of rogue applications by preventing the execution of programs in temporary directories and by using other effective techniques. It is by far the most effective way to prevent the destruction caused by Ransomware. Anti-Virus & Anti-Malware software programs can only protect you from known variants. By the time it is known, new variants emerge. Be advised that this tool may adversely affect logon scripts so please consult your IT before installing this application. https://www.eyemdemr.com/downloads/CryptoPreventSetup.exe

#3 Perform a Windows Update on all your workstations and servers. Updated systems are not susceptible to the current outbreak.

#4 Never allow users to browse the internet on a server. Servers should be inaccessible to users. Remote Desktop/Citrix servers should have “Internet Explorer Enhanced Security Configuration” enabled and should be restricted to only allow approved websites.

#5 Remote Desktop servers should never use the default TCP port of 3389. We also recommend that you do not expose Remote Desktop ports to the public internet and that you instead use a VPN to access your Remote Desktop servers.

#6 Install brute force protection software on your public facing RDP servers. We recommend RDPGuard, an affordable host-based intrusion prevention system.

#7 Never use weak passwords on any Windows User Account. Many attackers use brute force attacks with common password dictionaries to gain entry and remotely install viruses.

If you have been infected by Ransomware and cannot recover your files from a backup or using any of the tools below, the FBI recommends that you pay the ransom and report the crime to the Internet Crime Complaint Center

Cisco TALOS TeslaCrypt Decryption Tool

Kaspersky Ransomware Decryptor

If you have any questions regarding Ransomware, please help us keep our technical support lines available for EyeMD EMR related issues by directing these questions to your IT.

EyeMD EMR Healthcare Systems, Inc.

Share this Post:

Related Posts

MIPS Highlights 2023 – Winter Edition

As 2023 comes to a close, you should be well versed in the status of MIPS for your practice. If you haven’t met with your Verana Practice Experience Manager (PEM) recently, December is your final chance to connect and identify any last-minute tasks that need to be completed prior to the year’s end. Please reach out to your PEM to schedule a pre-attestation assessment if you have not already done so. If your practice will be attesting to Promoting Interoperability, please reach out to customer service by calling 877-239-3367 to schedule a pre-attestation review with a trainer no later than February 15, 2024. Your practice

Read More »

MIPS Highlights 2023 – Spring Edition

IRIS Registry Transition The IRIS Registry has been transitioned from the original vendor, FIGmd, to Verana Health. At this point, you should already be working with Verana on transitioning. Please continue to work with your Practice Experience Manager (PEM) and monitor your Quality Dashboard throughout the year to avoid attestation surprises. If you have not yet signed up with Verana, please know that as an EyeMD EMR customer you will be prioritized for transition in April 2023. Please keep an eye out for any emails or notifications from Verana and work with them to get your new dashboard up and running to ensure a successful

Read More »

Important! EyeMD EMR v1.0 Clients using IRIS registry

FigMD will no longer be administering the IRIS registry. Verana Health will be taking over that responsibility. Unlike FigMD, Verana Health will not integrate EyeMD EMR version 1.0 clients to the IRIS registry. In order to track and report MIPS data for 2023, you must upgrade to EyeMD EMR version 2.0 by July 1, 2023, then integrate with Verana by August 1, 2023. For questions relating to Verana Health or the IRIS registry dashboard, please contact Verana directly at 877-837-2621. For questions relating to upgrading EyeMD EMR to version 2.0, please contact customer service at 877-239-3367.

Read More »

Certification Status Update

As we reported in December 2020, EyeMD EMR 2.0 was one of the first Ophthalmic EMRs certified to meet Cures Act Criteria. That said, we (along with most other EMR vendors) still needed to certify 170.315(g)(10) to be ready for 2023 reporting. We are proud to report that EyeMD EMR 2.0 has passed all remaining certification criteria necessary for the Cures Act! The Drummond Group is currently preparing our updated certification package for submission to ONC. We expect our CHPL listing to be updated within 7-14 days. We are aware that a couple unscrupulous competitors out there are spreading misinformation about our certification status. While

Read More »

Hardship Exception Deadline

As a reminder, PI hardship exception applications are due January 3rd, 2023. If you are still on version 1.2 and/or were negatively impacted by Covid-19, this hardship is your only pathway to avoiding penalties. If you need help determining your eligibility, or need help with filing the application, please contact customer service at (877) 239-3367, option 3 before December 31st

Read More »

MIPS SAFER Guide Requirement for 2022

In performance year (PY) 2022, the Centers for Medicare & Medicaid Services (CMS) is requiring Merit-based Incentive Payment System (MIPS) eligible clinicians to attest to whether or not they have completed their self-assessment for the High Priority Practices Safety Assurance Factors for EHR Resilience (SAFER) Guides measure. The SAFER Guides enable healthcare organizations to address electronic health record safety in a variety of areas. At A Glance: 2022 MIPS SAFER Guide Requirements: For 2022, MIPS eligible clinicians are required to attest “yes” or “no” to completing an annual self-assessment using only the High Priority Practices guide to satisfy the requirement. Attesting “yes” signifies a participant has completed the annual self-assessment. Attesting “no” signifies a participant has not

Read More »
EyeMD EMR Named 2024 Best In KLAS: Ambulatory **Ophthalmology** EMR

EyeMD EMR Named 2024 Best In KLAS: Ambulatory **Ophthalmology** EMR
More Information More Information
More Information More Information