CISA Alerts Healthcare Industry of Maui Ransomware Attacks

North Korean Maui Ransomware

What is Maui Ransomware?

Maui Ransomware encrypts a user’s target files and holds them ransom until payment is received. It’s important to note that paying the ransom with any ransomware is not recommended, because there is no guarantee that the data will be returned. What makes Maui ransomware different than others? The software uses three types of encryptions to make the recovery of files near impossible after being manually triggered by the attacker on a remote system. In the case relating to the CISA alert, the malware is being triggered by North Korean militants.

Once triggered, Maui uses AES 128-bit encryption to encrypt the target files. To give an idea, AES (Advanced Encryption Standard) is used by the federal government to encrypt classified files. 128 bits is complex level of encryption, which would take approximately one billion years for a supercomputer to crack a 128-bit password. AES encryption is unencrypted by using the associated key, and Maui encrypts the AES key using RSA encryption. RSA uses a public key to encrypt data, usually a message. To decrypt RSA, the user would require a secret private key. Then taking the process one step further, Maui encodes the public key using XOR encryption, which is a simpler form of replacement encryption but is near impossible to encrypt without the key.

How to stay protected

The FBI, CISA, and Treasury Department created specific recommendations to help mitigate Maui Ransomware.

  • Use encrypted and authenticated data transfer methods with ePHI, specifically related to the transmission of data transferred between medical devices via the internet. Medical devices connected to the internet are often referred to as the Internet of Things or IoT.
  • Use least privileged access, where employees and users only have as much access as they need to complete the duties of their job. When employees have too much access mistakes are made and there are more accounts that malware can manipulate to compromise a business.
  • Encrypt Protected Health Information (PHI) and Personally Identifiable Information (PII) while at rest – storage- and in transit. While storing data, ensure it is stored on the internal network behind a firewall and not on the cloud, unless it is an encrypted cloud drive. When transmitting PHI or PII outside of your internal network, it’s important to keep it encrypted using a patient portal or encrypted email.
  • Ensure that your practice is following the HIPAA Security Rule and Privacy Rule policies
  • Create and regulate internal policies and procedures for all users, including vendors. This ensures all users and employees attest to having read and understand the policies and procedures, which is the first step toward educating your staff on how to protect data.
  • Maintain offline backups that are encrypted and can be restored quickly.
  • Create, maintain, review, and update cyber incident response plans and communication plans. Everyone needs to know and practice their role outlined in the plan.
  • Install all updates and patches as soon as they are available.
  • Implement training programs for HIPAA and data security.
  • Require MFA and password vaults.

Zekteck Helps Keep You Safe from Ransomware!

Zekteck offers a comprehensive package of data security services and technology in combination with their proprietary HIPAA compliance automation platform that covers ALL of the CISA, FBI, and Treasury mitigation recommendations. Features include:

  • Automated Security Risk Assessments (SRA) – which uncovers gaps in compliance and automatically assigns tasks to reduce risk. Everyone knows compliance levels 365 days a year with just a glance.
  • Required HIPAA Training Made Easy – Training modules are in one place and readily available to everyone. They train at their own pace and get a snapshot of staff’s compliance levels.
  • Documents Made Easy – Store and track all required documents in one place. Able to see who has viewed each document for full accountability
  • Tracks Assets & Risk Levels – Easily view the status of electronic devices, where they are, who is authorized on each device, and who is using it.
  • Track Vendors – Keep all vendor information and documentation in one place. Quickly see who is authorized, work logs, and who has a business associate agreement (BAA)
  • Tracks Applications & Software – Easily view & manage who has access to each application. Set and view which compliance it falls under to help manage risk
  • Security – Guard against cyber-attacks and data breaches. Our services Includes a safety net with a $250,000 warranty
  • HIPAA Compliant Email – This allows email to be sent without having to go through a patient portal or try to decide if the information within is safe to send. Includes role-based access control.

Protect Your Practice with Zekteck!

Having Zekteck on your side not only saves you time and frustration, but also protects your practice against malware such as Maui Ransomware. 

Learn More
Lewis Mandichak
Co-Founder/ CEO
[email protected]

This page is not be used as an official HIPAA Compliance Checklist*

Quiz Your HIPAA Knowledge!

Which of the following is not a section of HIPAA:
True or False: Practices are shielded from liability if a vendor or contractor breaches HIPAA.
True or False: Practices will not be charged a fine if they were unaware of risks that caused a breach.
On average, a HIPAA violation fine is:
___% of healthcare organizations have experienced at least one data breach in the last 12 months.
If a data breach occurs involving more than 500 individuals, how long does a practice have to report it?
Which of the following documents are required per HIPAA?
How long must a practice keep HIPAA-related documents?
Which of the following is not a common cause of a HIPAA violation:
[forminator_form id="5983"]