Expert Comments on MedStar Health Ransomware Incident

MedStar Health, the largest healthcare provider in Maryland and Washington, D.C., was forced to disable its network after an alleged ransomware attack infected several systems. Here to comment on this news is Wolfgang Kandek, CTO, Qualys.

Wolfgang Kandek, CTO, Qualys:

Ransomware is quickly becoming a significant threat to the availability of the IT infrastructure of organizations of all industry areas and sizes. In order to minimize the susceptibility to ransomware, IT managers need to harden their users’ workstations as these are the main targets of the attacks. Ransomware gets on the user’s system through two major vectors: 

  • Vulnerabilities: for example, a trusted website serves an advertisement that contains an exploit for a recent Flash vulnerability. The exploit then downloads the ransomware which starts encrypting files.
  • Configuration flaws: for example, allowing automatic active content in documents downloaded from the Internet.  

Both cases are relatively easy to address: vulnerabilities through patching and configuration flaws through setup changes. An accurate inventory of the hardware and software deployed and its current configuration settings are vital to close down the most active attack vectors.