Written by Derrick Weisbrod

In the recent month, you may have heard news reports about newly discovered vulnerabilities affecting computers. They are called Meltdown and Specter—suitably ominous titles for these lurking threats. This isn’t a new virus or ransomware attack, these are actually vulnerabilities discovered in the Intel Processors that are used in almost all computers. Because it’s a problem with the processing chip itself, this vulnerability is present in nearly all computers made in the last ten years. It affects Windows, Mac, Linux, and other operating systems.

Meltdown and Specter are alarming, because they can allow a malicious computer program to get around data access restrictions and gain unauthorized access to potentially sensitive information from other systems. This could include passwords, billing information, social security numbers, or sensitive medical information. It is generally believed that local access to the computer system would still be required to exploit this vulnerability, although there are mixed views on whether the exploit could be used through compromised websites. Regardless, this represents a serious threat to the safety of information stored in your systems. Luckily, there are already patches in the works.

The best thing to do to remediate this threat is to make sure your systems are getting update and security patches regularly. Apple has reported it already fixed one exploit in its 10.13.2 update, and Microsoft released a patch on January 3rd, 2018 to address the same threat. So a properly updated system will be much more secure. However, I want to remind you of the WannaCry ransomware attack that hit so many systems last year. That attack devastated the National Health Service in England and affected huge portions of Europe. But, the exploit that WannaCry used had already been patched by Microsoft months before the vulnerability was made public. Every system affected had either failed to install the needed security patch, or was an older system no longer supported by Microsoft.

Soon, we may begin to see hackers releasing viruses or targeted attacks that use these discovered exploits. If you have installed the updates on your systems, your network should be fine. Be sure! Ask your IT department if they have installed the necessary patches to protect against this exploit. It should be part of the normal maintenance, but as the WannaCry attack revealed, even large organizations like the NHS can be left vulnerable.

HHS recommends that Healthcare and Public Health entities install the patches as soon as business use-cases allow. They should be tested before being applied to entire systems, and device vendors should be contacted before applying the patches to medical technologies to avoid software conflicts or poor system performance. If your practice needs help implementing these security patches, seek out the help of a professional IT service. If a new ransomware attack comes out that exploits Meltdown and Specter, you don’t want your systems to be vulnerable. This could not only devastate your practice, but represent a HIPAA liability if standard preventative measures were not taken to protect your patient’s information.