May 16, 2017
Re: WannaCry Ransomware Virus
Dear Valued Customer,
InTouch Health has not been impacted by the WannaCry ransomware virus. InTouch Health became aware of WannaCry the morning of Friday, May 12, 2017 and took the following proactive, preventive actions:
- Initiated an incident response plan in the event of a potential incident
- Confirmed anti-virus definitions are up to date to ward off potential threats
- Completed an immediate Windows Patch assessment and initiated remedial action on Microsoft patch MS17-010
- Shut down SMB (TCP/455) between all critical and PHI containing systems to restrict access from systems potentially infected with the WannaCry virus
- Executed point in time backup of all systems for business continuity and disaster recovery
- Disconnected Windows-based backup systems server from the network to preserve data integrity
The proliferation of the WannaCry virus is primarily through a Remote Desktop Protocol (RDP) vulnerability and through Server Message Block (SMB) shares. InTouch Health does not allow system level access to map network drives via SMB or RDP access for applications containing patient health information (PHI). The operating systems these applications use are predominantly Linux based, and are not directly susceptible to this WannaCry threat.
At InTouch Health, we pride ourselves on secure, reliable connections, and actively monitor our networks to ensure a smooth experience for both our clinician and patient users. Should you have any questions, please review the FBI Flash, or email me directly.
Sr. Director, Information Technology