Ransomware in Healthcare: 21 Preventative Steps You Can Take

Ransomware has reached headlines lately, with several healthcare organizations globally falling victim, as seen in “As Ransomware Crisis Explodes, Hollywood Hospital Coughs Up $17,000 In Bitcoin.” Breaches are top of mind in healthcare security and privacy, and among the many types of breaches, ransomware is the highest priority across most healthcare organizations I have worked with over the last six months.


Compliance with regulations, laws and standards is important, but increasingly organizations realize they need to go well beyond basic regulatory compliance to effectively mitigate risk of breaches, and they are motivated up to the board level with the strong desire to not be the next breach or ransomware victim and headline.


While most security concerns to date have revolved around breaches of confidentiality, or unauthorized access to patient information, ransomware is not a breach of confidentiality, but rather of availability. In security speak, “availability” is timely and reliable access to patient information. Ransomware prevents access to patient information by encrypting this information and withholding the decryption key until a ransom is paid. Exacerbating this, paying a ransom is no guarantee of provision of the decryption key.


As we have seen, this can compromise mission critical services to the point where hospitals need to turn patients away. Healthcare is particularly vulnerable to this type of breach because it generally lags other verticals in security and has a very low tolerance for disruption. I suspect this problem is a lot worse than most people realize because many ransomware infections go unreported, as many countries lack breach notification rules, or those rules cover compromise to confidentiality, but not availability as in the case of ransomware.


A real danger in securing against this type of breach is the tendency to gravitate to one particular safeguard, such as backup and restore, which, while important, is just one of many things you can do to secure yourself against ransomware. In this blog, I explore several different safeguards you should consider as part of a holistic, multi-layered, defense-in-depth approach to securing against ransomware. None of these alone is a panacea. Together they represent a very effective security posture against ransomware.


  1. Policy: ransomware often starts with employee actions and mistakes. Examples include clicking malicious links in emails or websites, opening email attachments, plugging in malware infected removable storage devices such as USB keys and so forth. Policy governs employee actions. Is your policy accurate, complete and up to date, especially as it pertains to employee actions that can lead to ransomware infections?
  2. Audit and Compliance: policy is a critical foundation of your security practice. To ensure employees are following it you need audit and compliance, in particular to ensure employee compliance with policy in the areas that could lead to ransomware infection.
  3. Risk Assessment: risk assessment is a key tool to identify risks to confidentiality, integrity and availability of patient information, including for risks such as ransomware. You can prioritize risks by impact and probability of occurrence, triage the top risks and address them through application of safeguards. The business impact of ransomware goes well beyond the ransom that may be paid since it can disrupt your mission critical business systems and processes and effectively halt your business.
  4. Anti-malware: having a good anti-malware solution installed on all endpoints, updated and effective is key in detection and remediation, for example quarantine, of malware including ransomware. You will not catch all ransomware this way, but many, especially older variants, will be caught.
  5. User Awareness Training: most ransomware infections start with employee actions. Training can help employees detect and avoid actions that could lead to infections. Again, not a perfect safeguard, but important in your overall anti-ransomware defense. Spear phishing training is particularly important to include in your overall training program.
  6. Email Gateway: email is a key ransomware infection vector. Spear phishing emails containing malicious links coax employees into clicking them, which can result in a drive-by download and ransomware infection. Your email gateway can inspect emails and detect and block many of these.
  7. Web Gateway: web browsing (and clicking) is another key infection vector, with employees visiting websites and inadvertently clicking on malicious links that cause ransomware infections, again by drive-by-downloads. A good web gateway can detect many such websites, and help block these types of infections.
  8. Vulnerability Management and Patching: vulnerable devices and software create openings for malware and ransomware infections. A good vulnerability management program can identify vulnerabilities, for example in old, unpatched, or misconfigured software, and proactively remediate such vulnerabilities to block ransomware.
  9. Security Incident Response Plan: in the event of an infection such as ransomware, how your organization responds is key to faster resolution and minimizing business impact. Having a good, tested plan that employees can execute quickly and efficiently, with good coordination, is key to enabling this. This plan should include PR and communications for breach notification if needed.
  10. Backup and Restore: currently the “safeguard du jour” for ransomware, backup and restore is critical. Have it, use it (everywhere you have data), test it (test restore regularly), and make sure it is versioned, and some versions air-gapped with offline backup archives. Ransomware may get into your backups too, depending on when it occurs in your backup cycle, and how quickly you detect it and stop it, but if you have versioning and / or an air-gapped backup then you will have a workable backup version to restore. Keep in mind this is not a panacea though, since rolling back to a previous backup version effectively undoes updates since then, and missing patient information updates can translate into direct risks to patient safety and business impact. This is why backup and restore is necessary but not sufficient. It is far preferable to avoid ransomware in the first place.
  11. Device Control: this is the ability to enforce policy regarding removable storage. For example if an employee plugs in a ransomware infected removable storage device such as a USB key, this safeguard can enforce policy preventing ransomware jumping from the device to your IT network.
  12. Penetration Testing and Vulnerability Scanning: as seen in “FBI raises alarm over ransomware targeting U.S. businesses,” ransomware can enter your network through vulnerable or unpatched software, especially software facing the external Internet. Proactive penetration testing of such external-facing applications and interfaces to identify and remediate such vulnerabilities is key to mitigating risk of this type of ransomware infection.
  13. Endpoint DLP: Data Loss Prevention software running on endpoint devices can enforce policy and help prevent user actions that can lead to malware infections such as ransomware.
  14. Network Segmentation: segmenting your network can help quarantine or localize any malware infections to prevent propagation across your network. This can limit the extent of infection, lessening business impact, and enabling faster resolution.
  15. Network IPS: a network Intrusion Prevention System can monitor network traffic to detect and prevent malicious activity, such as that which could lead to a ransomware infection.
  16. Whitelisting: useful on endpoint devices, whitelisting limits which applications can execute to a small list of approved applications. If ransomware were to get onto a machine with whitelisting, it would be benign on that machine: it is not on the approved list of applications, so it is blocked from executing and therefore unable to encrypt any patient information. This type of safeguard can be particularly useful on medical devices that don’t get patched or updated frequently.
  17. Network DLP: this type of DLP runs on a network and can enforce policy, including detection and prevention of network interactions and traffic that could lead to ransomware infection.
  18. Digital Forensics: in the event of an infection, digital forensics can help identify the type of ransomware, the extent of infection, and how it occurred, which are key to reducing business impact, and preventing future infections.
  19. SIEM: Security Information and Event Management can help provide realtime analysis of security alerts from across your applications and network, enabling faster detection and remediation of ransomware.
  20. Threat Intelligence Exchange: this can enable realtime exchange of threat information between safeguards in your network, and a global threat intelligence backbone from your security provider(s), helping orchestrate defense against ransomware. This is a critical part of the “immune response” of your organization to ransomware, which will help stop it and kill it as fast as possible.
  21. Business Continuity and Disaster Recovery: as we have seen, some recent high profile ransomware infections have essentially shut down the information technology systems of healthcare organizations, crippling mission critical business processes to the point where they had to send patients elsewhere. Having a good BC / DR capability with mirroring of data and hot standby can be helpful in keeping mission critical systems going while remediation is occurring. The effectiveness of this safeguard against ransomware depends on ransomware not propagating to your hot standby system, which can be prevented by various safeguards discussed previously.


No organization wants to be “at the back of the herd” or “low hanging fruit” for attacks such as ransomware. It has been difficult in the past for healthcare organizations to measure or benchmark their breach security against the rest of the healthcare industry. It is one thing having a gap in your safeguards if everyone else has that gap. However, if you have a gap and most others don’t then you could be relatively vulnerable.


Intel Health and Life Sciences and several industry partners are currently conducting complementary, confidential breach security assessments for provider, payer, pharma and life sciences organizations globally. Through this one hour engagement healthcare organizations are able to benchmark their breach security across 42 safeguard capabilities and 8 different types of breaches, including ransomware, against the rest of the industry to see what percentile they are in terms of readiness, and gaps and opportunities for improvement they may have.


SE7210TP1-E server board loses memory

I have an SE7210TP1-E server board, and since I added an NVIDIA GeForce 6200 PCI graphics card the system has reserved 1 gig of RAM for itself.


Question is WHY?

I have 4 gig RAM onboard; if I unplug the graphics card I have 4 gig system RAM available again. WHY?


The onboard graphics card is an ATI Rage 2 XL chipset with 8 meg RAM.

The onboard graphics can't handle the video data of today anymore.


Riding and Taming Security’s Perfect Storm with Intel Core vPro

Cyberthreats, unfortunately, never take a holiday. In fact, with each passing day, attacks become more numerous, organized, powerful, and, with the explosion in smart devices and cloud-based systems, more opportunistic.


No wonder 50 percent of the 182 IT professionals who participated in Computerworld’s Forecast 2016 survey said they plan to increase spending on security technologies in the next 12 months. Security ran a close second after cloud computing as the most important technology project currently underway at their organizations.


Security’s ‘Perfect Storm’

Mike Seawright, director of security business development at Intel, discussed these challenges in Secure Your Business, our latest webinar in the Business Devices Webinar Series. Not only are IT security professionals facing increasing complexity with more devices and the shift to cloud computing, but they must act quickly, as organizations can be compromised in mere minutes, while utilizing limited staffing and budget resources.


The latest devices with Intel vPro technology offer a solid first line of defense in preventing threats. Built on Intel’s security technologies, each successive generation delivers evolutionary security capabilities. Intel Core vPro processors feature remote capabilities that allow scarce IT staff resources to maximize their efficiency in protecting compute devices across the enterprise.

What Aspects of Security Are Most Important?

Unfortunately, there is no easy strategy to take in IT security. “Security is complicated—sorry folks!” Mike said. To be truly secure, he explained, IT departments need to defend all areas against modern attacks: identity, platform, data, and applications.

However, Mike explained, a whopping half of all security breaches stem from identity and authentication gaps, so stronger authentication is a key part of security. Fortunately, Intel and Microsoft work collaboratively to combat security threats with user-friendly features and technologies such as True Key by Intel Security, Microsoft Credential Guard, and Intel Identity Protection Technology Multifactor Authentication.

These and other multifaceted defensive tactics and tools were explained in the hour-long webinar, which included a Q&A session. Here is a sample of what webinar participants had on their minds:

Q: I have health care clients. Do you have a security checklist?


Mike: Our health care team has a presentation you could use for this. Send me a note at


Q: Does True Key update itself?


Mike: True Key is like most software in that some portions will update automatically if that setting is applied. But then as we have major releases, it will usually require a user update.


Q: Are there any encryption key “manager” apps available for SMBs or partners that are acting as the IT department for multiple SMBs?


Mike: The McAfee ePolicy Orchestrator does a nice job of this. Another vendor to look at would be Venafi.


If you missed the webinar, you can listen in to the on-demand version available now and hear other questions and answers as well as download the presentation slides.


Ask a Question, Win a Tablet

This month, the lucky winners of a new Intel-based tablet and a new set of SMS Audio BioSport Smart Earbuds are Ed Goad of MeteorComm and D. Komnick of Advanced Business Technology Services, respectively. Congrats to both! And, if you didn’t win this time, you’ll have another chance to ask questions and win at the next webinar, which is sure to be a popular one: Introducing 6th Gen Intel Core vPro.


If you’ve already registered for the Business Devices Webinar Series, you’re all set: just click on the link in the reminder email you’ll receive a day or two before the event. But if you need to register, you can join our next webinar by clicking here.


  With the latest Intel Core vPro processor-based devices, more businesses big and small can set and reach their New Year’s resolution to make their entire enterprise more secure.


Happily Ever After: Windows 10 and Intel Core vPro a Perfect Match for Better Productivity, Security, Manageability

By the time a couple is married 21 years, they’ve had their share of disagreements, unlocked the mysteries of the other, and, happily, come to the realization that they’re better together than not.


Such is the double-decade partnership between Intel and Microsoft, which has persevered through tech booms and busts. The “Better Together: Windows 10 and Intel Core vPro Processor-based Devices” webinar glimpsed into the future with the Intel Core vPro processor and Microsoft OS, Windows 10. We saw how they work together to raise the bar in enterprise computing, with much excitement from end users, IT and business decision makers, and OEMs.


Windows 10 fully supports the Intel vPro pillars of strength—productivity, security, and manageability—with a familiar Windows 7-based user interface and numerous new dynamic features. For example, for better productivity, Microsoft host expert Stephen Rose explained how a device used as a PC with a keyboard and mouse can switch for optimal tablet use. Windows 10 responds automatically by adjusting window size for touch-based actions and biometrics.

Sixth-gen Intel Core vPro processor-based devices “are the most manageable, most productive, and most secure platform for enterprise,” Intel technology expert Greg Reiff said in the webinar. Intel Core vPro has enabled the creation of more streamlined form factors that are 50 percent thinner and 50 percent lighter than devices more than four years old, and use much less power.

With the newest features in Windows 10, users and IT departments can build more security around their data and devices. Features such as Intel Virtualization Technology prevent unauthorized software from being loaded, and Intel SSD Pro Series Data Protection guards data off-network. These features on the back end support the mission on the front end to “kill the password,” according to Rose, by “moving away from what you know [passwords] to what you have; things like your face (detected via Intel RealSense and Microsoft Hello), fingerprints, and wearables.”

Webinar attendees were clamoring to know more, asking many questions during the interactive Q&A. Here’s a sample:

Q: Can you add biometric devices to older PCs that run Windows 10?

Steve Forsberg (Intel host expert): You could attach an external RealSense camera if your older hardware does not have an infrared camera integrated.

Q: Are the new Intel Q170 chipset machines shipping now?

Greg Reiff (Intel host expert): Some are shipping but not as enterprise Intel Core vPro platforms [those are scheduled for release soon].

Q: Is the Microsoft Surface Pro 4 tablet available through distribution?

Stephen Rose (Microsoft host expert): Yes. We have a wide variety of resellers including Dell, CDW, and others.

Q: Is the process/recommendation of upgrading the UEFI published somewhere?

Greg Reiff: Upgrading a platform’s BIOS to UEFI is OEM-specific. Each OEM should have an upgrade guide on their support site under drivers > firmware > download. If vPro is enabled, we have best practices documents on

As with all webinars in the Business Devices Webinar Series, participants were entered into a drawing for an Intel-based tablet or a set of SMS Audio BioSport smart earbuds. Congratulations to tablet winner Kent Liu of Williams-Sonoma and to Andy Yu of American Portwell Technologies for scoring the cool earbuds!

Our next webinar is happening December 9, 10 a.m. PST. Be sure to attend, because it’s all about security: what the key risks are, how to manage them, and ways to prepare with the latest solutions from our top technology experts.

If you’ve already registered for the Business Devices Webinar Series, click on the link in the reminder email you’ll receive a day or two before the event. If you need to register, we’d love to have you join our next session by clicking here.

The “Better Together: Windows 10 and Intel Core vPro Processor-based Devices” webinar can be watched anytime on demand if you missed it. For more on how Windows 10 and the latest Intel technology can help businesses overcome their challenges, read this recent white paper.

It’s exciting to see how ongoing collaboration between Intel and Microsoft continues to advance better, more efficient, and more amazing experiences in the world of enterprise computing.


Graphics Driver issue

I recently upgraded from Windows 7 to Windows 10 and now when my grandson tries to play Minecraft he gets an error message that the graphics driver needs to be updated. I determined that it currently has an Intel driver and I ran the Intel Driver Utility and it came back and said no drivers were needed. I thought I would try to manually download a driver, but when I went to the list of Intel drivers there was not one for Windows 10, only Windows 7 and Vista. I tried to download that one and received an error message that my computer did not meet the minimum requirements. Has anyone else run into a similar issue and if so how did you resolve it?


Multiple Alarms Feature

Hello, I am trying to remotely configure 150ish PCs with multiple AMT Alarms. I can see from this webpage that AMT 8.0 and later supports the Multiple Alarm Feature, and all of our machines are 8.1 or newer. I have successfully created individual alarms on multiple machines at once using the Intel vPro PowerShell GUI. (Very handy tool BTW.) I assume however that the tool was built before the ability to have multiple alarms, as the option to set them does not exist in the GUI. When I run a Get-Help command on Set-AMTAlarmclock I don’t see a reference to the “ElementName” field mentioned in the link above that appears to identify the individual alarms.


I’m fairly new to AMT and PowerShell and would appreciate any guidance you can provide.


I apologize if this is not the correct forum; I couldn’t find another that was more relevant. I realize this is not related to Intel SCS.


Thank you for your time,



