The Ransomware Epidemic and the Overdue National Health IT Safety Center


Wednesday, August 17th, 2016
By Dean Sittig and Hardeep Singh


The rapid computerization of healthcare organizations (HCOs) worldwide has raised their profile as lucrative targets for cybercriminals. Recently, there has been a series of high-profile ransomware attacks involving hospitals' electronic health record (EHR) data.

In short, a ransomware attack typically begins when a user is tricked into clicking an Internet link or opening a malicious email attachment. Malware, software designed to damage or disable a computer, is then downloaded; it rapidly encrypts the data on that computer and attempts to reach other computers on the same network to encrypt the data on those computers as well, so that all encrypted data becomes inaccessible. A message is displayed stating that all files have been encrypted and that, if the user does not pay the requested ransom within a short period, the files will be destroyed. Once the attack has started, the user has three basic options: 1) attempt to restore their data from backups; 2) pay the ransom; or 3) lose their data.

These large-scale, malicious events compromise the safety of patient data and remind us of the need for a National Health IT Safety Center, a $5 million Fiscal Year 2017 budget request from the Office of the National Coordinator for Health IT (ONC) that we have supported before. In the absence of a centralized investigation and dissemination clearinghouse for these types of events, it is not possible to decipher specific details of what happened, how the problems were resolved, and what other organizations should learn from these events.

Recently, the Texas Medical Association (TMA) introduced a resolution to the American Medical Association (AMA) House of Delegates asking that the AMA support the ONC's efforts to implement a National Health IT Safety Center to minimize safety risks related to the use of health information technology (IT). The TMA's resolution was adopted by the AMA on June 15, 2016 at their annual meeting. The rationale and recommendations within that resolution were built on emerging evidence of deficiencies in EHR-related safety and a concept proposal we previously described. We applaud the AMA for taking a thoughtful and forward-looking position.

An Agenda For The National Health IT Safety Center

While it is unclear what actions the AMA will now take to support this effort, we posit that this center should be developed as a public-private partnership that:

  • Establishes a nationwide "post-marketing" surveillance system to monitor health IT-related patient safety events, including those that result in patient harm and "near misses";
  • Develops methods, governance structures, and a coordination framework for investigating major health IT-related safety events;
  • Creates the infrastructure, methods, and approaches for random assessments of health IT safety in large HCOs, following best-practice recommendations such as the ONC SAFER guides; and,
  • Advocates for health IT safety with government entities (e.g., the U.S. Congress, the Centers for Medicare & Medicaid Services (CMS), the Office for Civil Rights, the Department of Defense, and state and local health departments) and private entities (e.g., EHR vendors, payers, and healthcare provider organizations).

The ransomware epidemic is a perfect example of the types of problems this center should address.

How a Safety Center Would Help Contain Ransomware

First, the Health IT Safety Center would convene two or three multidisciplinary teams of experts in health IT, cybersecurity, clinical informatics, and patient safety who could visit each site of a ransomware attack. During these site visits, they would interview key stakeholders, including IT professionals, clinicians, and administrators, and review the various systems and their audit logs to determine how the attacks began, which encryption algorithms were used and how, how the targets were selected, which vulnerabilities were exploited, how the attacks were handled, and the key lessons learned from the experience.
Based on their findings and existing best practices, these teams would write and disseminate a report with findings and recommendations to stop the threat from having a greater impact on patient safety. The purpose of these reports would not be to find fault, but to make actionable recommendations and to disseminate this knowledge nationwide to institutions using EHRs in order to mitigate future problems.

We envision that the safety center would also work on development and dissemination of more proactive strategies for risk reduction. For instance, we recently developed some good clinical practices for ransomware prevention, mitigation, and recovery that were published in a peer-reviewed journal. However, in order for these findings to reach their fullest possible impact, institutional and government leaders and IT staff will need to see and implement them. This is where a safety center could deliver real, tangible value.

Next Steps Without a Safety Center?

Like most health IT challenges, the responsibility for preventing, mitigating, and recovering from ransomware is shared between health IT professionals and end-users. While we developed detailed 'best practice' recommendations from the available literature, in reality there is no standardized national approach for deciding how to rapidly develop or share best practices for nearly all emerging health IT safety issues. Often, institutions reinvent the wheel. The advocacy role of the center could coordinate this approach. In its absence, to help HCOs address ransomware threats, we recommend a four-step strategy to protect against attacks (for full recommendations see Table 1 in the published paper).

  • Adequate system protection by correctly installing and configuring computers and networks: organizations should maintain up-to-date backups of all data, ensure that key operating and application software is up-to-date, limit users' ability to install and run software applications, and limit users' access to only those systems, services, and data required by their job.
  • More reliable system defense by implementing user-focused strategies: organizations must provide rigorous training, including the use of simulation strategies, to ensure that users operate their devices and applications correctly and learn how to recognize legitimate emails and attachments.
  • Comprehensive system monitoring of suspicious activities: organizations should develop network and user activity monitoring systems that watch for suspicious activity, such as receipt of email from known fraudulent sources.
  • Robust response strategy that includes recovery, investigation, and lessons from ransomware attacks: the IT department should disconnect infected computers from the network and turn off the wireless networking capability of infected machines. If the attack is widespread, the IT department should shut down all network operations (i.e., wired and wireless) to prevent the malware from spreading. Finally, they should contact their insurance provider, computer forensics experts, and the FBI's Internet Crime Complaint Center.
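
To make the monitoring step concrete, the following is an added example (not code from the original article or its authors) of the kind of detection logic a "network and user activity monitoring system" might run. It checks two signals: mail received from a known-fraudulent sender domain (the example the article gives) and a burst of file writes from a single host, which is an assumption derived from the article's description of ransomware rapidly encrypting data. The log-line formats, the block list of bad domains, the sample log lines, and the thresholds are all constructed for this demonstration and would need to be replaced with an organization's own sources and tuned values.

```python
"""Toy monitoring checks for two ransomware-related signals.

Added example, not code from the original article. Log formats, the
block list, thresholds and sample data below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed block list standing in for the article's "known fraudulent sources".
KNOWN_BAD_DOMAINS = {"invoice-notice.example", "secure-docs.example"}

# Attachment types commonly blocked at mail gateways (assumed policy for this demo).
EXECUTABLE_ATTACHMENTS = (".exe", ".js", ".scr", ".docm")

# Burst heuristic: many writes from one host in a short window (assumed values).
BURST_WINDOW = timedelta(seconds=60)
BURST_THRESHOLD = 20

# Assumed mail-gateway log format: "<ts> mail from=<addr> to=<addr> attach=<name>"
MAIL_RE = re.compile(
    r"^(?P<ts>\S+) mail from=(?P<sender>\S+) to=(?P<rcpt>\S+) attach=(?P<attach>\S*)$"
)
# Assumed file-audit log format: "<ts> host=<host> user=<user> write=<path>"
FILE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) write=(?P<path>\S+)$"
)


def parse_ts(text):
    """Parse the ISO-like timestamp used in the constructed log lines."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def check_mail(lines):
    """Return alerts for mail from block-listed domains or with executable attachments."""
    alerts = []
    for line in lines:
        m = MAIL_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        sender = m.group("sender")
        domain = sender.rsplit("@", 1)[-1].lower()
        attach = m.group("attach").lower()
        if domain in KNOWN_BAD_DOMAINS:
            alerts.append(("mail-from-known-bad-domain", sender, m.group("rcpt")))
        if attach.endswith(EXECUTABLE_ATTACHMENTS):
            alerts.append(("executable-attachment", sender, attach))
    return alerts


def check_file_bursts(lines):
    """Return one alert per host whose writes exceed BURST_THRESHOLD within BURST_WINDOW."""
    writes = defaultdict(list)
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            writes[m.group("host")].append(parse_ts(m.group("ts")))
    alerts = []
    for host, times in writes.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within BURST_WINDOW.
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                alerts.append(("file-write-burst", host, end - start + 1))
                break  # one alert per host is enough for triage
    return alerts


# Constructed sample logs: one block-listed sender, one clean message, one macro
# attachment, a 25-file write burst on WS-12, and normal activity on WS-07.
SAMPLE_MAIL = [
    "2016-08-17T09:00:01 mail from=billing@invoice-notice.example to=nurse1@hco.example attach=invoice.pdf",
    "2016-08-17T09:00:05 mail from=colleague@hco.example to=nurse1@hco.example attach=",
    "2016-08-17T09:00:09 mail from=hr@partner.example to=clerk2@hco.example attach=forms.docm",
]
SAMPLE_FILES = [
    f"2016-08-17T09:01:{i:02d} host=WS-12 user=nurse1 write=/share/pt/{i}.enc" for i in range(25)
] + [
    "2016-08-17T09:05:00 host=WS-07 user=clerk2 write=/share/notes/a.txt",
    "2016-08-17T09:05:30 host=WS-07 user=clerk2 write=/share/notes/b.txt",
    "2016-08-17T09:06:10 host=WS-07 user=clerk2 write=/share/notes/c.txt",
]


def run_demo():
    """Run both checks over the constructed samples and return all alerts."""
    return check_mail(SAMPLE_MAIL) + check_file_bursts(SAMPLE_FILES)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the constructed data this raises three alerts: the block-listed sender, the macro-enabled attachment, and the write burst on WS-12, while WS-07's ordinary activity stays quiet. A burst detector of this kind only shortens the time to the response step; it does not replace the backups and least-privilege controls in the first step, which are what make recovery possible when detection comes too late.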

We are at a crossroads. We could continue to obfuscate and ignore obvious safety issues, including being easy targets for cybercriminals, or we could work together to understand safety events, learn from them, identify best practices to prevent them, and work on building a safe and effective health IT infrastructure for our country. Based on recent events, we remain optimistic that leaders with the power to make things happen will heed the call for a long overdue National Health IT Safety Center.

Dean Sittig, PhD

Dean F. Sittig, PhD, is a professor at UTHealth School of Biomedical Informatics (SBMI). He currently serves on the American Medical Informatics Association board of directors and is a member of the UT-Memorial Hermann Center for Healthcare Quality & Safety. Additionally, Sittig is the lead investigator of the clinical summarization project within the Office of the National Coordinator’s Strategic Health IT Advanced Research Project at SBMI and the ONC funded SAFER: Safety Assurance Factors for EHR Resilience.
