Can A Software Patch Prevent A Ransomware Attack?

This patch, more than eight years overdue, could have prevented the MedStar Health Ransomware Attack

Some things just make you want to grind your teeth. Even after hospitals in California and Kentucky had been attacked during the last 30 days, other health care companies didn’t do the obvious thing and examine their own cybersecurity measures to ensure that the exact same thing didn’t happen to them. You really have to wonder: what are these people thinking… or NOT thinking?? And from a technical standpoint it makes you wonder: Can A Software Patch Prevent A Ransomware Attack?

Cybersecurity attacks come in all shapes and forms and in various levels of sophistication. Some require a deep dive into the code of a website to find a back door and then expert “drilling” to plant nefarious trojans or viruses. Others require a phone call with a plea for help to the customer support rep on the other end of the line, referred to as “social engineering” in the industry. But the easiest hacks are those that are known to the hacker world and referenced regularly in postings on the “dark web” until they become relatively common knowledge.

That’s exactly the kind of attack that made the folks at MedStar Health, one of the largest health care providers on the east coast, miserable. As described in this Ars Technica article (those guys do such a great job explaining the complex in simple language), an old – practically ancient by cybersecurity standards – but gaping hole was left in MedStar’s security because they hadn’t installed a simple software patch that was available as far back as 2007. The end result was patients and doctors being locked out of the system and a fire drill for the IT department.

Now, in fairness, credit goes to MedStar for preventing a total disaster. According to them, none of their patients’ data was compromised and they didn’t pay any ransom to recover their files. But really, guys, a nine-year-old patch could have prevented this attack and the embarrassment that came with it in the first place.

So what does this mean to you or your company?  Simple:

  1. Keep software up-to-date.
  2. Install security patches as recommended by the software publisher.
  3. Audit your system regularly (preferably by having an outside firm do it).

Remember this: It takes a long time to build a reputation and just a few seconds to destroy it. Sure, there are more ways to get hacked than simply overlooking a software patch, but this one is pretty easily handled. Don’t let a ransomware attack disrupt your business. Be careful. Be diligent. BeCyberAware!

Author: BeCyberAware

Scott Goldman is a veteran of the wireless and Internet industries, holds two cybersecurity patents and is known as a dynamic, entrepreneurial executive with a long track record of successes and thought leadership. He is an independent director on the board of Mueller Industries, a $2 billion Fortune 1000 company and has served on the Audit, Governance and Compensation Committees. Mr. Goldman has traveled to more than 20 countries to assist startups, governments and enterprises in developing, launching, operating and selling technology businesses around the world. He has written two books, hundreds of magazine articles and blog posts and given keynote speeches at major industry events around the world. He has also been interviewed more than 500 times in major print, radio, TV, and webcast media because of his ability to relate complex technical concepts in easily understandable terms. His specialties include executive management, strategic planning, product development, regulatory matters and public relations. He is also an avid cyclist, making time to ride more than 6,000 miles each year. For a detailed look at Mr. Goldman's global activities, career history and accomplishments visit or his YouTube channel:
