This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
As hospitals attacked, U.S. indicts foreign hackers for targeting banks, dam in N.Y.
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Just as the U.S. announced the indictment of seven Iranians accused of hacking Wells Fargo, JP Morgan Chase, Bank of America, and several other banks and entities nationwide, U.S. hospitals were in the midst of dealing with the aftermath of malware attacks.
On March 24, according to news reports, the Justice Department indicted seven hackers who reportedly work for Iran’s Islamic Revolutionary Guard Corps. Not only were the hackers behind the cyberattacks of dozens of American banks that began in 2011, but they were also responsible for attacks on AT&T and the New York Stock Exchange.
In announcing the indictments March 24, U.S. Attorney Loretta Lynch said hackers also tried to take control of a small dam in Rye, N.Y.
“If you’re a computer hacker sitting overseas in whatever country you’ve chosen to hide in, this indictment sends a powerful message that the full force of the federal government will come after you,” Lynch said during a news conference.
None of the individuals charged are located in the United States.
Hospitals Hit with Ransomware
Meanwhile, on March 28, the Associated Press reported that the FBI was investigating an attack that crippled the computer systems at Washington’s Georgetown University Hospital. That hospital is operated by MedStar Health, which operates 10 hospitals in the Baltimore and Washington metropolitan areas. It was unclear whether the virus is ransomware or whether patient data was comprised, the wire service reported.
Kentucky Methodist Hospital in Henderson, Ky., declared a state of emergency March 18 after a ransomware attack encrypted its data, according to news reports.
Ransomware is a virus that encrypts and locks files. It is virtually impossible to decipher the encryption, so the FBI has advised affected businesses that haven’t backed up their files to pay the ransom. Once the ransom is paid, hackers send a key to unlock the documents. In the Kentucky case, hackers demanded $1,600. As the hospital debated paying the ransom, it shut down all of its desktop computers and eventually activated a backup system.
The FBI is investigating that attack as well as two others.
Chino Valley Medical Center and Desert Valley Hospital, both in California, also were hit with ransomware attacks last week. The hospitals in Kentucky and California are all running normally.
Fred Ortega, spokesman of Prime Healthcare Services, which owns both the California hospitals, declined to comment on the ransom amounts and other details, citing the ongoing investigation. He told news outlets the attacks caused “significant disruptions of our IT systems. However, most of the systems and the critical infrastructure has been brought back online.”
These cases mirror one last month at Hollywood Presbyterian Medical Center in Los Angeles. In that case, hackers infected the hospital’s systems with malware and demanded $17,000 to restore access to e-mail and electronic health records. That hospital paid the ransom.
What Should HR Do?
SHRM Online that all HR and IT personnel must take steps to ensure their organizations’ safety and to safeguard against vulnerabilities—and this can be especially important for hospitals.
Trend Micro, a Los Angeles-based global security software company, reports that “more than 26 percent of all data breaches occur in health care, making it the No. 1 targeted industry in the U.S.”
Trend Micro is calling 2016 “the year of the ransomware.” And
SHRM Online that ransom demands will increase.
“Extortion attacks, whether using crypto-ransomware, DDOS [distributed denial of service] or other tools have proven effective and profitable for the actors behind them,” Jon Clay, senior global marketing manager at Trend Micro, told
SHRM Online. “We’re seeing more attacks occur due to the success of past attacks.”
And although experts advise backing up files, hackers are targeting those backup files, too. Security awareness training firm KnowBe4 cautioned companies to heed new FBI and Microsoft alerts, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization’s entire network. This means they’re attempting to wipe out all backups, infect all key machines with ransomware and then demand payment, KnowBe4 has explained.
This latest method uses a little-known strain of ransomware called Samas, first discovered in 2014. According to research by Microsoft, the majority of infections thus far have been detected in North America, with a few instances in Europe, according to KnowBe4.
“It is not clear yet if the current attack starts with phishing e-mails, which infect a single workstation with ransomware and then installs a Trojan that allows the hackers into the network, or if the network gets penetrated first and subsequently gets infected with ransomware,” KnowBe4’s CEO Stu Sjouwerman said. “It looks like targeted ransomware attacks have indeed arrived and will be around awhile.”
KnowBe4 offered these tips for companies on prevention and mitigation:
HR must be especially vigilant as ransomware continues to sweep through U.S. companies, making companies and their employees vulnerable to theft. In a post on the social networking site Reddit earlier this week, someone wrote: “It's happened again: My HR rep fell victim to a phishing scam and sent all 50 employees’ tax info to some fraudster yesterday. Company has yet to notify everyone officially. What should I do?”
Said Sjouwerman, “HR and accounting should themselves be very wary of opening any attachment they did not ask for. Only view attachments using Google Chrome’s ‘view’ option, which … does not actually open the document. The same thing is true for all employees. HR should work hand-in-hand with IT to deploy effective security awareness training which includes frequent simulated phishing attacks.”
Aliah D. Wright is an online editor/manager for SHRM.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
HR Education in a City Near You
SHRM’s HR Vendor Directory contains over 10,000 companies