My TechDecisions

Managed Service, Network Security, News

Microsoft: Hospitals Vulnerable to Ransomware, Must Fix VPNs

Microsoft says it has identified dozens of hospitals that have vulnerable gateway and virtual private network (VPN) appliances in their infrastructure.

Leave a Comment

Microsoft Hospitals

Microsoft announced on Wednesday that it has identified dozens of hospitals that have vulnerable gateway and virtual private network (VPN) appliances in their infrastructure that make them susceptible to more sophisticated human-operated ransomware attacks during the COVID-19 crisis.

“To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others,” the company said in a blog post.

Microsoft said it has observed several nation-state and cybercrime actors targeting unpatched VPN systems for many months. Although some ransomware attackers have vowed to spare the healthcare industry during the coronavirus outbreak, Microsoft says the individuals behind the REvil ransomware are scanning the internet for vulnerable systems.

These attackers are relying mostly on social engineering tactics, preying on people’s fears and need for information during the COVID-19 crisis, the tech giant says.

Read Next: Ransomware Attackers Vow to Not Strike Healthcare During COVID-19 Pandemic

Ransomware attacks have increased in quantity and severity over the past several years. Usually, they shut down the victim’s computer until the victim pays a ransom in digital currency.

Microsoft recommends all enterprises do the following:

  • Apply all available security updates for VPN and firewall configurations.
  • Monitor and pay special attention to your remote access infrastructure. Any detections from security products or anomalies found in event logs should be investigated immediately.  In the event of a compromise, ensure that any account used on these devices has a password reset, as the credentials could have been exfiltrated.
  • Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. To address malicious activity initiated through weaponized Office documents, use rules that block advanced macro activity, executable content, process creation, and process injection initiated by Office applications. To assess the impact of these rules, deploy them in audit mode.
  • Turn on AMSI for Office VBA if you have Office 365.

It also provided mitigation steps for making networks resistant to ransomware and cyberattacks in general. The mitigation steps can be found here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ