Today's news is dominated by the extensive worldwide cybersecurity attack. The root causes are a matter for speculation and investigation at this point, but a couple of things seem clear:
- Health systems have been affected, with impacts on patient care <https://www.wired.com/2017/05/ransomware-meltdown-experts-warned>, <https://arstechnica.com/information-technology/2017/05/nhs-ransomware-cyber-attack>
- At least some of the affected health systems had been warned for months about out-of-date computer systems <https://www.nytimes.com/2017/05/12/world/europe/nhs-cyberattack-warnings.html>
To date, the IT@JH security team reports no incidents of this type on our network. Like all large organizations we are still at risk, but our security team has been working particularly hard - for years - to reduce our vulnerabilities.
Recent requirements for device procurement and security have been disruptive in some areas - there is a an inescapable tension between security and convenience - but concerns have been addressed and reasonable measures have been taken. We continue to address specialized computers that have out-of-date operating systems - and the current attack is a reminder regarding the need to maintain updates; on a large network, vulnerable machines can become an entry point with broader consequences.
If you think computer(s) in your area may be vulnerable, please don't hesitate to reach out for help (to your IT support team, or ask me if you're unsure). We must all work, continually, to ensure the security of the data elements that are central to our work - precious records relevant to patients, research, education, personnel, etc.
Storage of all data in central, JH-managed servers is ideal. Other solutions can be considered, but require extra steps to be adequately secure.
Be alert for phishing emails. I have received phishing emails from familiar people recently, whose computers had been compromised, so it's not enough to recognize the sender - you should also double-check and think before clicking on any links or attachments. Before entering your JHED credentials, make sure the URL of the website location starts with https://login.johnshopkins.edu/... - and if it doesn't then consider asking for help or finding another way to perform the task.
-Stuart Ray, Vice Chair for Data Integrity & Analytics