Ransomware – Don’t Be the Next Victim

It’s the perfect crime: force someone into giving you their money, then vanish without a trace. Ransomware is on the rise again, but not because the malicious technology is getting better. In fact, FBI crackdowns, patches, and antivirus & antimalware solutions have significantly hampered its proliferation. In the absence of large-scale technological vulnerabilities that can impact millions, “lone wolf” criminals are now targeting smaller organizations at an alarming rate. They analyze their victims’ computer systems looking for vulnerabilities, then plan a targeted attack. Anyone with digital assets and the ability to pay a ransom is at risk. Criminals who used to snatch purses or sell drugs are now turning their attention to digital crimes because they have a better chance of getting away with it. They are intentionally demanding smaller payouts to avoid prosecution and media attention. Local authorities are powerless to stop it, as perpetrators often digitally cross state/country lines, and the FBI is overrun with complaints that will likely never be assigned to an agent.

The good news is that most attacks are executed by criminals with little to no hacking skills. Following these basic security precautions can and will protect you from these types of attacks. We urge you to ensure that your IT has performed the following steps (in order of priority):

#1 Remote Desktop servers should never expose the default TCP port of 3389 to the public internet. The best way to protect your RDP server is to not expose any RDP ports to the public internet; use a VPN instead. If you must expose RDP ports to the public internet, make sure you install a product like RDPGuard.

#2 Never use weak passwords on any Windows User Account. Many attackers use brute force attacks with common password dictionaries to gain entry and remotely encrypt files.

#3 Train every employee to never provide remote support access to an unsolicited caller. Many attackers will call your practice pretending to be your PM/EHR vendor and will guide unsuspecting employees into giving them access!

#4 Perform a Windows Update on all your workstations and servers. Many ransomware outbreaks take advantage of known vulnerabilities in Windows that have already been patched by Microsoft.

#5 Never allow users to browse the internet on a server. Servers should be inaccessible to users. Remote Desktop servers should have “Internet Explorer Enhanced Security Configuration” enabled and should be restricted to only allow approved websites.

#6 AVOID assigning drive letters to your backup drives. “Hackers” look for backup drives and will encrypt your backup files along with your EHR files if they find them.

#7 NEVER map network drive letters on workstations to your EyeMD EMR Image Server directory (or parent directories). Automated Ransomware software typically only infects workstations. It scans all of your workstation’s drives looking for documents to encrypt. Mapping Network Drives to your EyeMD EMR Image Server Directory allows ransomware to encrypt documents (PDF & JPG) linked to the EMR system.
MALCONFIGURED
R: Drive Mapped to \\SERVER\EyeMD_Data\ a shared folder of D:\EyeMD_Data\
R: Drive Mapped to \\SERVER\IMAGES\ a shared folder of D:\EyeMD_Data\IMAGES\
R: Drive Mapped to \\SERVER\D\ a shared folder of D:\

PROPERLY CONFIGURED
R: Drive Mapped to \\SERVER\OCT\ a shared folder of D:\EyeMD_Data\DEVICES\OCT\
NO drives mapped to \\SERVER\IMAGES\ a shared folder of D:\EyeMD_Data\IMAGES\

#8 IN ADDITION to backing up your data to a local drive (for fast recovery), make sure you are also backing up your data offsite. We recommend Amazon Glacier; however, there are many other reputable cloud backup vendors to choose from.

#9 Install/Update CryptoPrevent on all your workstations and servers, apply the default policies, and periodically check for updates. CryptoPrevent is freeware that automatically configures your operating system to block the execution of rogue applications by preventing the execution of programs in temporary directories and by using other effective techniques. It is by far the most effective way to prevent the destruction caused by Ransomware. Anti-Virus & Anti-Malware software programs can only protect you from known variants, and by the time a variant is known, new variants have emerged. Be advised that this tool may adversely affect logon scripts, so please consult your IT before installing this application. https://www.eyemdemr.com/downloads/CryptoPreventSetup.exe
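
The rule in step #7 can be checked mechanically. The following is an added example, not EyeMD EMR code: it flags any drive mapping whose server-side folder is the image directory or a parent of it, and it goes slightly beyond the page by also resolving mappings that point at a subfolder of a share. The function names, the `\\SERVER\D\EyeMD_Data` and `\\NAS\Scans` mappings, and the drive letters S:, T: and U: are constructed for illustration; the share table comes from the examples in step #7, and on a live system the two inputs could be gathered with Get-SmbShare (on the server) and Get-SmbMapping (on each workstation).

```powershell
# Added example. Function names are hypothetical; the data is constructed from step #7.
$ImageDir = 'D:\EyeMD_Data\IMAGES'        # server-side folder ransomware must not reach
$Shares = @{                              # share UNC -> folder it exposes on the server
    '\\SERVER\EyeMD_Data' = 'D:\EyeMD_Data'
    '\\SERVER\IMAGES'     = 'D:\EyeMD_Data\IMAGES'
    '\\SERVER\D'          = 'D:\'
    '\\SERVER\OCT'        = 'D:\EyeMD_Data\DEVICES\OCT'
}
$Mappings = @(                            # constructed; same shape as Get-SmbMapping output
    [pscustomobject]@{ LocalPath = 'R:'; RemotePath = '\\SERVER\EyeMD_Data' }
    [pscustomobject]@{ LocalPath = 'S:'; RemotePath = '\\SERVER\D\EyeMD_Data' }
    [pscustomobject]@{ LocalPath = 'T:'; RemotePath = '\\SERVER\OCT' }
    [pscustomobject]@{ LocalPath = 'U:'; RemotePath = '\\NAS\Scans' }
)

function Resolve-ServerPath {
    param([string]$RemotePath, [hashtable]$ShareTable)
    # Translate a mapped UNC path (share root or a subfolder of it) to the server folder.
    $remote = $RemotePath.TrimEnd('\')
    foreach ($unc in $ShareTable.Keys) {
        $root = $unc.TrimEnd('\')
        if ($remote -ieq $root) { return $ShareTable[$unc] }
        if ($remote.StartsWith(($root + '\'), [System.StringComparison]::OrdinalIgnoreCase)) {
            return $ShareTable[$unc].TrimEnd('\') + '\' + $remote.Substring($root.Length + 1)
        }
    }
    return $null                          # share not in the table: cannot be judged
}

function Test-ExposesImageDir {
    param([string]$ServerPath, [string]$ProtectedDir)
    # True when $ServerPath is the protected folder or one of its parents. Both sides get
    # exactly one trailing '\' so 'D:\EyeMD' does not match 'D:\EyeMD_Data'.
    $parent = $ServerPath.TrimEnd('\') + '\'
    $target = $ProtectedDir.TrimEnd('\') + '\'
    return $target.StartsWith($parent, [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-MappingAudit {
    param($Mappings, [hashtable]$ShareTable, [string]$ProtectedDir)
    foreach ($m in $Mappings) {
        $path = Resolve-ServerPath $m.RemotePath $ShareTable
        if ($null -eq $path) { $verdict = 'UNKNOWN SHARE' }
        elseif (Test-ExposesImageDir $path $ProtectedDir) { $verdict = 'MALCONFIGURED' }
        else { $verdict = 'OK' }
        [pscustomobject]@{ Drive = $m.LocalPath; Remote = $m.RemotePath; Verdict = $verdict }
    }
}

Get-MappingAudit $Mappings $Shares $ImageDir | Format-Table -AutoSize
```

A mapping reported as UNKNOWN SHARE points at a share missing from the table and needs a manual look before it can be called safe.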

If you have been infected by Ransomware, DO NOT FORMAT/WIPE YOUR SERVER UNTIL YOU HAVE SAVED AN IMAGE OF IT! Please contact us before taking any action on your system. If you cannot recover your files from a backup or using any of the tools below, the FBI considers paying the ransom to be an option that your business should consider. Although a decryption key is usually provided after paying the ransom, there have been cases where a ransom was paid and no key was provided in return. You should also report the crime to the Internet Crime Complaint Center.
Cisco TALOS TeslaCrypt Decryption Tool
Kaspersky Ransomware Decryptor

If you have any questions regarding Ransomware, please help us keep our technical support lines available for EyeMD EMR related issues by directing these questions to your IT.
