How Unsecured WordPress Infected a Clinic with Ransomware
By Gil Vidals, , HIPAA Blog, HIPAA WordPress, Security, Uncategorized

Just as the world has witnessed novel variants of the COVID-19 virus (and may continue), new variants of ransomware continue to appear since the first documented case in 1989. 

And while loss of life, thankfully, is not yet rivaling the pandemic, poorer health outcomes for scores of patients impacted by ransomware have resulted.

For example, summary findings from a recent Ponemon Study revealed,

“Along with an increase in mortality, the survey of roughly 600 providers also found ransomware resulted in more complications from medical procedures, delays in procedures and tests resulting in poor outcomes, an increase in patients being transferred or diverted to other facilities, and longer patient lengths of stay.”

Financial losses are also steep – to the tune of more than $20 billion in 2020 for healthcare organizations, as noted in another study by Comparitech.   

That’s the big picture.

Examining a specific, real-world case of ransomware can also help illustrate how easily healthcare clinics are impacted. Of note, we also see how a WordPress site, if unsecured, is the perfect vehicle for the attack.

The following ransomware attack – directed against the Kelsey-Seybold Clinic of Houston back in 2015 – is here described by Martin Littmann, their Chief Information Security Officer: 

“Two employees working in the same department visited a daycare site to look at their services during lunchtime. That site was built on WordPress and was not kept current. The malware they received as a drive-by download was a zero-day variant of Crypto Locker.”

At the moment the malware was detected, Littman notes, users at the clinic were finding network file shares that could not be accessed. 

The result? 

Littman’s team discovered “hundreds of thousands of encrypted files across two department shares,” along with an infected physical PC and virtual desktop. 


Fortunately for Kelsey-Seybold and their patients, mitigation and containment efforts were fruitful – but only because cyber resources and expertise were readily available.

Littman’s security team achieved a clean image of the virtual desktop through a reboot, and the physical machine was removed from the network and re-imaged. Affected files were also restored from snapshot backups, to allow users to continue their business processes. 

Download Now!

So what was learned through the attack? At least 3 lessons, Littman says: 

  • “The event highlighted the need for the information security team to be vigilant in reviewing and responding to alerts from our security solutions.
  • It also illuminated the value of the information security, network and systems teams working in harmony, and underscored the reality that security is everyone’s business. 
  • In subsequent years, this event was used to highlight the need for richer and more frequent user education, as well as bolstering and continually improving our security and systems tools.”

What About Your Clinic?

Obviously not every healthcare organization has fared as well. Smaller clinics, in particular, (see Wood Ranch Medical) are especially at risk since they typically lack the security resources and budget of larger organizations. Make no mistake, everyone is a target.  

What are some actionable items then that you can use to help protect your practice? 

  1. Education about ransomware and other malicious attacks is key.

Kelsey-Seybold realized the need for improved user education, including regular phishing testing, to help their staff be vigilant in the face of ransomware and other attacks.  

  1. You need (and can afford) layers of managed security.  

Data backups were essential to get Kelsey-Seybold up and running in a short time. Rapid restore and hosting that includes a second, geographically removed data center is also invaluable to recover from ransomware or other malicious attacks.

A managed security service provider like HIPAA Vault can provide these important services – as well as finely-tuned SIEM capabilities for improved network security – wrapped in one, affordable monthly price. You’ll help protect your patients and preserve business continuity while freeing your staff to focus on direct patient care. 

  1. WordPress’ wide attack surface can easily spread malware if not secured.

It’s almost a given: your WordPress site will get infected – and possibly infect other sites – if not secured. If the daycare in question had insisted upon maintaining an up-to-date WordPress site, they likely wouldn’t have been the vehicle for the spread of ransomware. 

Again, here is where HIPAA Vault can help! Our affordable HIPAA WordPress is designed for healthcare providers of all sizes. We manage all updates, plugins, and patching to keep your site running securely, optimized, and able to resist the latest attacks.

To be sure, every organization and individual that handles PHI must be vigilant. As we partner with you, be assured that strategic measures for fighting ransomware are included in all HIPAA Vault compliant hosting plans. Our fully-managed anti-malware solutions and an Intrusion Detection System (IDS),  Advanced spam filtering, regular, offsite system backups, password management policies, and multi-factor authentication come standard.

Fighting ransomware is now a necessity for healthcare organizations. Prioritizing data security and finding the right HIPAA Compliant hosting provider who is on the job 24/7 is key.

If you have any questions on HIPAA data security or any of the services we provide, please contact us! 760-394-6920.

HIPAA Vault is a low-cost leader of HIPAA-compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities.