Health Business Blog

Health care business consultant and policy expert David E. Williams shares his views

Is ransomware unstoppable? No, it isn’t

This is stoppable

Chances are you’ve been hearing a lot about cyberattacks and specifically ransomware in healthcare lately. Attackers take over systems and encrypt files, demanding payment in Bitcoin. They often get away with it.

Attacks like the recent ones on Universal Health Services and ERT that make the papers are just the tip of the iceberg. No one wants to report that something like this happened to them.

Until recently, I had assumed that such attacks were really hard to stop. Some are. But it turns out there are often many ways to thwart ransomware, and often hours or even days in which to do so.

I asked security experts at Gamayan to analyze the UHS attack and was amazed that they found at least 28 ways it could be stopped. Check out the UHS ransomware case study that breaks down the attack and potential response step by step.

If you want to learn how to prevent such attacks at your organization, contact me.

Here’s the timeline of the attack:

Day 1

16:37 Bazar Malware Executed (Remote IP)

16:48 Domain discovery commands

17:06 Registry discovery commands

17:28 More domain discovery and network checks to domain controllers

17:41 AdFind used to map Active Directory

Day 2

18:49 Checks again for domain trusts and AdFind using Bazar (FTP exfiltration to remote IP)

20:12 First lateral movement attempt with WMIC (SMB transfer, Multiple payloads tried)

20:23 P64.exe Cobalt Strike beacon run on beachhead host (Remote IP)

21:04 Second P64.exe Cobalt Strike beacon dropped on beachhead host (New remote IP)

21:09 Next lateral movement attempt via a service and PowerShell (First Successful Lateral Movement)

21:10-22:06 Continual lateral movement using Cobalt Strike beacons via SMB across the environment

21:43 Windows Defender begins to be disabled using PowerShell commands

21:45 First RYUK ransomware executable transferred to the backup system (Ryuk Executed)

21:50-22:10 RYUK ransomware deployed enterprise-wide (Transferred via SMB, executed RDP commands)
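As an added example (not part of the original post or the Gamayan case study), the sketch below runs four detection rules over constructed process-creation events placed at the timeline's times and measures how much time passes between the first alert and the first Ryuk transfer. The regex patterns, host names, command-line arguments and placeholder dates are assumptions.

```python
import re
from datetime import datetime, timedelta

# Rules keyed to stages in the timeline. Patterns are assumed typical command
# lines for these tools, not indicators taken from the case study.
RULES = [
    ("domain discovery", re.compile(r"\bnltest(\.exe)?\b.*/(domain_trusts|dclist)", re.I)),
    ("AdFind AD mapping", re.compile(r"\badfind(\.exe)?\b", re.I)),
    ("WMIC remote execution", re.compile(r"\bwmic(\.exe)?\b.*/node:.*process\s+call\s+create", re.I)),
    ("Defender tampering", re.compile(r"Set-MpPreference\b.*-Disable\w+\s+(\$true|1)", re.I)),
]

# Constructed process-creation events: (time, host, command line). Dates are
# placeholders for "Day 1" and "Day 2"; hosts and arguments are invented.
EVENTS = [
    ("2000-01-01 16:48", "WS01", "nltest /domain_trusts /all_trusts"),
    ("2000-01-01 17:30", "WS01", "notepad.exe notes.txt"),
    ("2000-01-01 17:41", "WS01", "adfind.exe -f objectcategory=computer"),
    ("2000-01-02 20:12", "WS01", 'wmic /node:SRV02 process call create "cmd.exe"'),
    ("2000-01-02 21:43", "SRV02", "powershell Set-MpPreference -DisableRealtimeMonitoring $true"),
]
FIRST_RYUK = "2000-01-02 21:45"  # first Ryuk transfer in the timeline


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def detect(events):
    """Return (time, host, stage) for every event matching a rule."""
    alerts = []
    for ts, host, cmd in events:
        for stage, pattern in RULES:
            if pattern.search(cmd):
                alerts.append((parse(ts), host, stage))
                break
    return sorted(alerts)


def response_window(alerts, impact=FIRST_RYUK):
    """Time between the earliest alert and the ransomware stage."""
    if not alerts:
        return timedelta(0)  # nothing fired: no warning before impact
    return parse(impact) - alerts[0][0]


if __name__ == "__main__":
    alerts = detect(EVENTS)
    for when, host, stage in alerts:
        print(when, host, stage)
    print("window before first Ryuk transfer:", response_window(alerts))
```

With these constructed events the first alert fires at 16:48 on Day 1, which leaves almost 29 hours before the first Ryuk executable is transferred.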

—–

By healthcare business consultant David E. Williams, president of Health Business Group

The 30 Years’ War for value-based care: Podcast with Archway’s Dave Terry

When Dave Terry started his career in healthcare three decades ago, he noticed something odd and disturbing. The fee-for-service model meant doctors were paid for quantity, not for quality or cost effectiveness. Since then he’s been working to do something about it: for the first twenty years at American Practice Management, then Partners Healthcare and Harborside Healthcare. He made progress, but also learned the limitations of acting against entrenched interests.

For the last decade he’s gotten even more serious, co-founding Remedy Partners in the wake of the Affordable Care Act and then Archway Health, where he is CEO. Archway helps physicians jump into the meaningful risk-based payment models that are finally on offer from the Feds and private carriers.

I compared Dave’s quest to the Thirty Years’ War, but reminded him that there was a Hundred Years’ War, too, so he better gird himself.

The HealthBiz podcast is now on Spotify, Apple Podcasts, Google Podcasts and many more services, making it easy to subscribe.

—–


Pharma jumps into digital health: Podcast interview with Medullan CEO Ahmed Albaiti


The pharmaceutical industry is one of the last to be transformed by the digital revolution. But companies like Roche and Novartis have been experimenting for a long while, and the fruits are finally ripening.

Medullan CEO Ahmed Albaiti is a digital health pioneer. In this episode of the HealthBiz podcast, he takes us on a trip down the memory lane of digital health, sharing pharma’s successes and failures. We discuss the shock brought on by COVID-19 and why software is often classified as a medical device. He also shares his vision for an integrated and harmonized future for pharma, payers, providers – and patients.

I’m proud to serve as chairman of Medullan’s advisory board.

—–


Coordination of benefits. Which plan is primary?

Get your act together!

I received a couple of ominous-looking letters from Boston Children’s Hospital, letting me know that my claim has “been suspended” by my insurance carrier, Blue Cross Blue Shield of Massachusetts.

Unlike a couple months ago, when Blue Cross accidentally cancelled my family’s entire policy (oops!) while trying to remove an adult dependent at my request, this time it was due to a “coordination of benefits” issue.

Here’s the situation. Another dependent of mine is a college student in a different state. Our Blue Cross HMO doesn’t work out of state, so we buy an additional insurance plan from the college. (Also one more policy for varsity athletic participation, but that’s another story!)

When this dependent had services at Boston Children’s, we listed the Massachusetts plan as primary. But at least according to the BCBS MA rep I spoke with today, the out-of-state plan should be primary because my dependent is the subscriber, unlike on our family plan where they are listed as a dependent. So even though the out-of-state plan is likely to deny the Massachusetts claim as out-of-network, we need that denial first before submitting to BCBS MA. Make sense?

Oh, and to make things a little more complex, the rep said I need to ask the other plan if they follow the “standard coordination of benefits rules.” Apparently some student plans don’t.

What fun!

—–


Congratulations to Boston Children’s new CEO, Dr. Kevin Churchwell

I met Dr. Kevin Churchwell, the new CEO of Boston Children’s Hospital, a few years ago. He impressed me then, and I’m excited that he has been named as the new CEO, following the retirement of Sandy Fenwick.

He’s a physician and business leader, and has already run a prestigious pediatric academic medical center, the Nemours/Alfred I. duPont Hospital in Wilmington, DE.

As a parent of kids who have received incredible care there, I have a special fondness for Children’s. I’m excited by this choice of CEO.

Bravo!

—–
