AMA Issues Cyber Alert

Date of Publication (May 16, 2017)

The United States Computer Emergency Readiness Team (US-CERT) has received multiple reports of ‘WannaCry’ (also known as ‘WannaCrypt’) ransomware infections in several countries around the world and in the United States.  Some of these infections are impacting patient access to care.  Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.  Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

In addition to the information provided below, the AMA has resources to help physicians conduct a conduct a checkup, and to secure their networks and office computers.  Additionally, the AMA has been engaged with the administration since the cyberattack and will continue to monitor the situation to update you as more information becomes available.  In the meantime, please let us know by replying to this email whether your members have been impacted by the WannaCry infection.  

What Should I Do Now?

Ransomware can infect computers and medical devices.  The WannaCry infection affects systems running Windows and spreads easily when it encounters unpatched or outdated software.  Physicians should ensure that their computer’s operating systems and anti-virus software are updated and patched: 
  • Run Windows Update immediately.  Download and install any available updates (‘patches’).  Run a scan on your anti-virus software and follow its prompts.  Microsoft has released a customized patch for older platforms that do not receive mainstream updates, including Windows XP, Windows 8, and Windows Server 2003. At this time, Windows 10 has not been targeted by the attack.
  • Check your computer’s settings to ensure that the system will automatically download and install new versions of the operating system and Microsoft Office software.  Do the same for your anti-virus software.
  • Note when the computer will install these new updates and make sure the computer is on at that time.
In addition, physicians should contact their medical device vendors and manufacturers to ensure that they have patched their device software.  Medical device manufacturers can always update a medical device for cybersecurity; the FDA does not typically need to review changes made to medical devices solely to strengthen cybersecurity.

How to Help Protect Yourself from Downloads and Email-Based Ransomware

Ransomware can be delivered via email by attachments or links within the email.  Attachments in emails can include documents, zip files, and executable applications.  Malicious links in emails can link directly to a malicious website the attacker uses to place malware on a system.  To help protect yourself, be aware of the following:
  • Only open emails from people you know and that you are expecting.  The attacker can impersonate the sender, or the computer belonging to someone you know may be infected without his or her knowledge.
  • Do not open email attachments from an unknown, suspicious, or untrustworthy source.  If you're not familiar with the sender, do not open, download, or execute any files or email attachments.
  • Do not open an email attachment unless you know what it is, even if it appears to come from a friend or someone you know.  Some viruses replicate themselves and spread via email.  Stay on the safe side and confirm that the attachment was sent from a trusted source before you open it.
  • Do not open any email attachments if the subject line is questionable.  If you think that the attachment may be important to you, always save the file to your hard drive before you open it.
  • Vigilance is the best defense against phishing scams.  “Phishing” describes email scams that attempt to acquire confidential information such as credit card numbers, personal identity data, and passwords.  Often these emails look like they come from real companies or trusted individuals.  If you want to find out whether the email is legitimate, contact the company via their published customer service contacts.  Do not reply to the email or click on any links.  
  • Exercise caution when downloading files from the internet.  Make sure that the website is legitimate and reputable.  If you have any doubts, don't download the file. 
  • Do not open messages or click on links from unknown users in your instant messaging program.  Instant messaging can be a vehicle for transmitting viruses and other malicious code, and it’s another means of initiating phishing scams.
Example of Ransomware
This is an example of what the ransomware may look like:

Recent News

University of Iowa Conducting PMP Survey

Researchers at the University of Iowa College of Pharmacy are asking Iowa licensed healthcare providers to participate in a survey to study their familiarity with Iowa’s Prescription Monitoring Program (PMP).

AMA Letter to Senate: Make Coverage Affordable, Accessible to All

This week the AMA sent a letter to Senate Finance Committee Chairman Orrin Hatch (R-Utah) in response to his request to health care organizations asking for recommendations to improve the American Health Care Act (AHCA) as passed by the U.S. House...

Medicaid Provider Enrollment Deadline Looming

Last week, Iowa Medicaid Enterprise (IME) announced that approximately 10,000 current Medicaid providers have not yet completed mandatory Medicaid provider enrollment renewal ahead of the impending June 30 deadline.

Changes to Medicare Coverage of Hepatitis B Screening: What Physicians Should Know

Medicare now covers screening for Hepatitis B Virus (HBV) infection, effective for services on or after Sept. 28, 2016. Practices should be aware that Medicare coinsurance and the Part B deductible are waived for this preventive service.

Mercy - Des Moines Approved for First Psychiatric Residency Class in 2018

Mercy Medical Center – Des Moines announced this week it received approval to begin training psychiatric residency physicians in July 2018. This new residency program addresses a critical statewide shortage of behavioral health providers.

AMA Issues Cyber Alert

The United States Computer Emergency Readiness Team (US-CERT) has received multiple reports of ‘WannaCry’ (also known as ‘WannaCrypt’) ransomware infections in several countries around the world and in the United States.

Got News?

Is there something you think we should be covering? What would you like to see IMS report on? Click here to let us know.