My TechDecisions

Managed Service, Network Security, News

Microsoft: Hospitals Vulnerable to Ransomware, Must Fix VPNs

Microsoft says it has identified dozens of hospitals that have vulnerable gateway and virtual private network (VPN) appliances in their infrastructure.

Leave a Comment

Microsoft Hospitals

Microsoft announced on Wednesday that it has identified dozens of hospitals that have vulnerable gateway and virtual private network (VPN) appliances in their infrastructure that make them susceptible to more sophisticated human-operated ransomware attacks during the COVID-19 crisis.

“To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others,” the company said in a blog post.

Microsoft said it has observed several nation-state and cybercrime actors targeting unpatched VPN systems for many months. Although some ransomware attackers have vowed to spare the healthcare industry during the coronavirus outbreak, Microsoft says the individuals behind the REvil ransomware are scanning the internet for vulnerable systems.

These attackers are relying mostly on social engineering tactics, preying on people’s fears and need for information during the COVID-19 crisis, the tech giant says.

Read Next: Ransomware Attackers Vow to Not Strike Healthcare During COVID-19 Pandemic

Ransomware attacks have increased in quantity and severity over the past several years. Usually, they shut down the victim’s computer until the victim pays a ransom in digital currency.

Microsoft recommends all enterprises do the following:

  • Apply all available security updates for VPN and firewall configurations.
  • Monitor and pay special attention to your remote access infrastructure. Any detections from security products or anomalies found in event logs should be investigated immediately.  In the event of a compromise, ensure that any account used on these devices has a password reset, as the credentials could have been exfiltrated.
  • Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. To address malicious activity initiated through weaponized Office documents, use rules that block advanced macro activity, executable content, process creation, and process injection initiated by Office applications. To assess the impact of these rules, deploy them in audit mode.
  • Turn on AMSI for Office VBA if you have Office 365.

It also provided mitigation steps for making networks resistant to ransomware and cyberattacks in general. The mitigation steps can be found here.

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ