Practice Management Alert

Reader Question:

Prepare Remote Desktops for Cybersecurity Threat

Question: Can I do anything to protect my practice’s remote coders’ computers from the latest ransomware threat I heard on the news? I think it’s called Venus.

Maryland Subscriber

Answer: The Health Sector Cybersecurity Coordination Center (HC3) issued an Analyst Note (see resource, end of answer) on Nov. 9, 2022, regarding the Venus ransomware threat.

HC3 recommends placing Remote Desktop Services, including those operating on nonstandard TCP ports, behind a firewall. The agency also suggests several mitigations against ransomware attacks, including but not limited to:

  • Maintaining offline data backups and implementing network segmentation
  • Installing updates and patches on operating systems, firmware, and software when they are released
  • Disabling unused ports
  • Enforcing multifactor authentication (MFA), placing RDP behind a virtual private network (VPN), and considering MFA specifically for RDP access
  • Adopting National Institute of Standards and Technology (NIST) standards for creating and managing password policies
  • Requiring administrative credentials for installing software
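One way to check a remote coder's Windows workstation against the RDP-related items above is a short audit script. This is an added example, not part of the HC3 note or this newsletter; it reads the standard Terminal Server registry keys and the built-in "Remote Desktop" firewall rule group, and the wording of the findings is our own.

```powershell
# Added example: audit a Windows host's RDP exposure. Run from an elevated PowerShell.
# Registry paths and cmdlets are standard Windows ones; the findings text is assumed.
$findings = @()

# 1. Is Remote Desktop enabled at all? (fDenyTSConnections = 0 means enabled)
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP is enabled on this host; confirm it is reachable only through the VPN.'
} else {
    $findings += 'RDP is disabled (fDenyTSConnections = 1); remaining checks are informational.'
}

# 2. Listener port. A nonstandard port does not hide RDP from scanners, which is why
#    HC3 says to firewall RDP regardless of the port it runs on.
$rdpTcp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
if ($rdpTcp.PortNumber -ne 3389) {
    $findings += "RDP listens on nonstandard port $($rdpTcp.PortNumber); make sure firewall rules cover it."
}

# 3. Network Level Authentication requires credentials before a session is created.
if ($rdpTcp.UserAuthentication -ne 1) {
    $findings += 'Network Level Authentication (UserAuthentication = 1) is not enforced.'
}

# 4. Firewall: flag enabled inbound RDP rules that apply to the Public profile
#    or that accept connections from any remote address instead of the VPN range.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($rule.Profile -match 'Public' -or $rule.Profile -eq 'Any') {
        $findings += "Rule '$($rule.DisplayName)' allows inbound RDP on profile(s): $($rule.Profile)."
    }
    if ($remote -contains 'Any') {
        $findings += "Rule '$($rule.DisplayName)' accepts RDP from any remote address; scope it to the VPN subnet."
    }
}

$findings
```

Each line of output is one item to fix or to confirm is intentional; an empty list means RDP is disabled or already restricted by profile and address.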

For more context, the Venus ransomware specifically targets publicly exposed Remote Desktop Services to encrypt Windows devices. Since it started operating in August 2022, the ransomware has claimed several victims around the world, including at least one healthcare entity in the United States.

Initial ransom demands are believed to start around 1 bitcoin (BTC), or less than $20,000. The Analyst Note also mentions that the Venus ransomware operators aren’t believed to run the threat as ransomware-as-a-service (RaaS) and weren’t connected to a data leak site (DLS) at the time the note was written.

“When executed, the Venus ransomware will attempt to terminate 39 processes associated with database servers and Microsoft Office applications,” according to the Analyst Note. The note also mentions that the ransomware will delete event logs and shadow copy volumes and disable Data Execution Prevention (DEP).

Resource: Read the Analyst Note here, www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf.