Hospitals held to ransom

Hospital security was in the news again last week, with a virus forcing a shutdown of computer systems at MedStar Health, a major Washington healthcare provider [1]. MedStar operates 10 hospitals and more than 250 outpatient facilities in the Washington region and is a major employer. With computer systems offline, MedStar hospitals have had to resort to paper charts and records, slowing operations enormously. Although unconfirmed, it's likely that the virus was yet another example of cryptolocker ransomware, a type that has affected at least three US hospitals this year [2]. Often, the provider will pay the ransom to recover its data, emboldening the criminals to commit further crimes.

A major problem with hospitals is that they often run outdated systems - sometimes they have no choice when a specialist application isn't certified for a current OS - and their users are not educated in avoiding email viruses. In January, a virus caused mayhem at one of Melbourne's largest hospital networks [3], affecting meal delivery and pathology results. The systems affected were running Windows XP, which is no longer supported by Microsoft but is still widely installed at many hospitals. Hospitals make attractive targets for criminals, who target personally identifying information (PII) and use it to commit identity fraud. Identity fraud encompasses crimes like applying for credit cards in your name, accessing your bank accounts and more.

On another front, as many as 1,418 vulnerabilities were discovered in end-of-life versions of CareFusion's Pyxis SupplyStation system [4]. The affected products are automated supply cabinets that dispense medical supplies and can document usage in real time. Pyxis SupplyStation systems that operate on unsupported Server 2003/Windows XP are affected, demonstrating again how critical it is to keep operating systems up to date. Worse, the vulnerabilities could be exploited remotely and exploits are publicly available. CareFusion has reported that Version 9.3, Version 9.4, and Version 10.0 of the Pyxis SupplyStation systems that operate on Server 2008/Server 2012/Windows 7 do not contain the reported vulnerabilities.

The following are just a few things your organisation and users can do to help prevent these attacks:

 - Keep your operating system up to date
 - Don’t click on links or open attachments in unsolicited emails
 - Keep desktop anti-malware up to date
 - Don’t use your computer day-to-day with an administrator account
 - Keep up-to-date, offline backups of important data
 - When possible, patronise vendors that support up-to-date operating systems

[1] https://www.washingtonpost.com/local/virus-infects-medstar-health-systems-computers-hospital-officials-say/2016/03/28/480f7d66-f515-11e5-a3ce-f06b5ba21f33_story.html
http://www.tripwire.com/state-of-security/security-data-protection/ransomware-forces-hospitals-to-shut-down-network-resort-to-paper/

[2] http://arstechnica.com/security/2016/03/two-more-healthcare-networks-caught-up-in-outbreak-of-hospital-ransomware/

[3] http://www.lifehacker.com.au/2016/01/hack-attack-on-a-hospital-it-system-highlights-risk-of-sticking-with-windows-xp/

[4] https://ics-cert.us-cert.gov/advisories/ICSMA-16-089-01