Information Security Corner

Ransomware Attacks: Don't Be The Next Victim

IMPORTANT: White House Memo on Ransomware

 

Over the past several months, there have been numerous media reports about ransomware attacks impacting government agencies, private organizations, universities and health care facilities to the point they are unable to provide critical services to the communities they serve. 

Last week, ransomware shut down the largest gasoline pipeline in the US, halting the supply of fuel to 17 eastern states and the District of Columbia. On the other side of the continent, a major health organization has been severely impacted—unable to access their electronic medical record and other electronic systems used to deliver care in hospitals. This outage has caused appointments to be canceled and critical care patients to be diverted to other nearby hospitals.

According to Security Magazine, health care experienced a 123% increase in ransomware attacks in 2020, impacting 560 providers in the United States. 

About Ransomware

Ransomware is malicious software designed to render computer systems inoperable by encrypting (locking) stored data. Critical information like patient records cannot be accessed until a ransom is paid for a code that will unlock, or remove the encryption from, the affected files and data.

Ransomware is typically delivered via a phishing email that has been crafted to trick individuals into clicking a malicious link or opening an attached file. Once the link is clicked or the malicious attachment is opened, the ransomware automatically encrypts all files on the user’s computer and anything that the user (or the user’s computer) is connected to—including enterprise file servers, databases, applications, and other essential information resources. 

This can have a devastating impact on an organization, especially if the person who falls victim has elevated computer or network privileges.

Keeping UTMB Safe from Ransomware

Fortunately, UTMB leadership understands information security risks and has invested in technical controls designed to help guard against these types of attacks. But technical controls alone do not fully address the risk. We, as users of the UTMB network, have an obligation to take reasonable precautions to prevent the introduction of malicious software into our computer environment.

Our primary user-level defense is to identify, report and delete all malicious email that is designed to trick you into clicking a link or opening an attachment. Specifically:

  1. Scrutinize all email, especially if it originates outside UTMB. (All external emails are marked with a yellow warning banner across the top of the body of the email.)
  2. Make sure the message is from a source you are familiar with.
  3. If the message asks you to click on a link, hover over the link and make sure it is taking you to a place that makes sense.
  4. If there is an attachment you were not expecting, don’t open it.
  5. If the email looks suspicious, delete it.
  6. If you are not sure about the email’s authenticity, send it to cirt@utmb.edu and we’ll validate it for you.

Typically, hundreds of individuals are the target of these types of email at the same time. If you are the recipient of an email that appears to be malicious, report it to cirt@utmb.edu immediately. The sooner our incident response team becomes aware of the potential threat, the sooner we can take action against it. We have the ability to immediately purge malicious/suspicious email from our system, blocking embedded links and/or stripping away unwanted attachments.

For more information, contact the Office of Information Security at cirt@utmb.edu or 409-772-3818.