Zero Day Malware Attacks – How To Protect Health Information Before It’s Too Late

By: Jarrett Kolthoff

Zero Day malware is a ticking time bomb, prepared to wreak havoc upon unsuspecting health care facilities, administrators, practitioners, and patients. This malware can reside undetected in health information systems for weeks, months, or even years. Then, it happens. Zero Day malware exploits a software vulnerability that is unknown, or for which the developer has not yet released a patch. While the affected healthcare company may have been diligent about compliance, against a Zero Day malware attack compliance alone is not enough to protect health information.

How can your health information company reinforce its Zero Day malware defenses?

Health Information Networks:

Use virtual local area networks (vLANs), to segment critical medical devices that run on outdated operating systems. Also, protect wireless communications involving health information from Zero Day malware by using enterprise equipment and securing the architecture to the highest level.

While your firewall cannot protect against a Zero Day malware attack on its own, it can help identify connections to known malicious Command & Control (CnC) servers. It is also critical to decrypt SSL traffic so that Zero Day malware activity can be identified within encrypted sessions.
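The two network controls above (segmenting medical devices into their own VLAN, and using firewall logs to spot connections to known CnC servers) can both be checked from the same log stream. The script below is an added example, not part of the original article or of any SpearTip product; the log format, the VLAN ranges, the allow-list and the CnC indicators are all constructed for illustration (addresses come from the RFC 5737 documentation ranges and are not real threat intelligence). It flags two things: a destination IP or TLS SNI name that matches the indicator list, and any medical-device VLAN host talking to something outside its allow-list.

```python
"""Flag firewall log lines that show either a connection to a known
command-and-control (CnC) indicator or a segmentation-policy violation
from the medical-device VLAN.

Added example: every address, indicator and log line here is constructed
for illustration, not real threat intelligence.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed indicator list, standing in for a threat-intelligence feed.
KNOWN_CNC_IPS = {"203.0.113.45", "198.51.100.77"}
KNOWN_CNC_DOMAINS = {"update-check.example", "cdn-sync.example"}

# Constructed segmentation policy: devices on the medical-device VLAN
# (10.50.0.0/16) may only reach the PACS/EHR servers on 10.10.0.0/24.
# Any other destination, including the Internet, is a policy violation.
DEVICE_VLAN = ipaddress.ip_network("10.50.0.0/16")
DEVICE_VLAN_ALLOWED_DST = [ipaddress.ip_network("10.10.0.0/24")]

# Assumed key=value log format; adapt the pattern to your firewall's export.
# "sni" is the TLS server name from the ClientHello, which a firewall can
# log without decrypting the session.
LOG_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
    r"(?:\s+sni=(?P<sni>\S+))?"
)


@dataclass
class Finding:
    line_no: int
    src: str
    dst: str
    reason: str


def analyze_firewall_log(lines):
    """Return one Finding per matched indicator or policy violation."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        src, dst, sni = m["src"], m["dst"], m["sni"]

        # 1. Known-CnC match on destination IP or TLS SNI name. A denied
        #    connection still counts: the host tried to reach the CnC, so
        #    it is worth triaging even though the firewall blocked it.
        if dst in KNOWN_CNC_IPS:
            findings.append(Finding(n, src, dst, "known CnC IP"))
        elif sni and sni.lower() in KNOWN_CNC_DOMAINS:
            findings.append(Finding(n, src, dst, f"known CnC domain {sni}"))

        # 2. Segmentation check: device VLAN egress outside its allow-list.
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # hostnames in src/dst are skipped by this check
        if src_ip in DEVICE_VLAN and not any(
            dst_ip in net for net in DEVICE_VLAN_ALLOWED_DST
        ):
            findings.append(
                Finding(n, src, dst, "device VLAN egress outside allow-list")
            )
    return findings


# Constructed sample log: one clean workstation flow, one workstation
# reaching a CnC IP, one permitted device flow, one device reaching a CnC
# domain on the Internet, and one denied CnC attempt.
SAMPLE_LOG = [
    "2024-03-04T08:15:02Z action=allow src=10.20.3.14 dst=10.10.0.5 dport=443",
    "2024-03-04T08:15:09Z action=allow src=10.20.3.14 dst=203.0.113.45 dport=443",
    "2024-03-04T08:16:30Z action=allow src=10.50.7.21 dst=10.10.0.5 dport=104",
    "2024-03-04T08:17:01Z action=allow src=10.50.7.21 dst=192.0.2.10 dport=443 sni=update-check.example",
    "2024-03-04T08:18:44Z action=deny src=10.20.3.15 dst=198.51.100.77 dport=8443",
]

if __name__ == "__main__":
    for f in analyze_firewall_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.src} -> {f.dst}: {f.reason}")
```

Run against the sample, the script reports four findings: the workstation on line 2 reaching a CnC IP, the device on line 4 both matching a CnC domain and leaving its allowed segment, and the denied attempt on line 5. The last case is the point of logging denies as well as allows: a blocked CnC connection is still evidence that the source host needs attention.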

Browsers and Software:

Zero Day malware exploits vulnerabilities (known and unknown). Developers provide patches to fix known vulnerabilities. But, without updating software with the latest patches, the browser or software remains vulnerable. For health information companies, it’s also important to ensure software on mobile devices used by physicians and staff are also continually updated.

Health Information Malware Protection:

Host- and network-based advanced malware detection is a good initial step in addressing these threats, and it should be deployed on every host and device connected to your network. Be aware that many malware variants inject themselves into the anti-virus engine itself in order to remain undetected by traditional anti-virus products. Lastly, ensure that software patches are applied as soon as they become available.

Build Awareness:

Educate users of network-connected devices about the simple things they can do to prevent a Zero Day malware intrusion of your health information company. For instance, they should know not to open suspicious links in email or on social media, not to visit suspect websites, and to only open email attachments from known or trusted sources. They should also be made aware of current scams such as emails made to look like they came from a healthcare company executive (spoofed account) with links that redirect to web sites where Zero Day malware is downloaded.

Simplify the Lingo:

C-suite involvement is needed in order to capture the support and resources required for effective Zero Day attack prevention. C-suite level communications about the threat landscape and the needed Zero Day malware protection mechanisms should be as non-technical as necessary, as some IT security lingo can be intimidating. When healthcare executives understand the threats, the risks, and the mitigating measures, they can effectively communicate this information to the Board of Directors and create budget for these initiatives.

What is “Known” malware?

While it sounds contradictory, "known" Zero Day malware simply means malware that has already been identified and for which detection methods have subsequently been created. Such malware may be an earlier or less complex variant, but if your advanced malware defenses are not in place, it will still get into your systems.

How Can Zero Day Malware Be Detected?

SpearTip’s Malware Detection Services identify anomalies and unusual behavior patterns within your network. Our operatives find the unknown and verify the presence of Zero Day malware. Once isolated, our operatives can retrieve and reverse-engineer the malware and identify similarly compromised systems within a network.

How Can A Zero Day Malware Health Information Intrusion Be Minimized?

SpearTip’s Managed Security Services provide an effective Zero Day malware protection solution. Services include network-based and host-based malware analysis and detection, threat actor source operations research, CnC server and criminal network monitoring, compromised credential monitoring, and Peer-to-Peer (“P2P”) confidential data leak monitoring. By incorporating SpearTip’s Managed Security Services into your Zero Day malware protection strategy, your healthcare company is armed with effective detection and source identification tools to protect health information.

If your healthcare company seeks to protect health information from Zero Day malware intrusions, it’s imperative that your focus shift from a purely compliance-based approach to one focused on minimizing health information exposure to unknown malware. Standard defensive measures can provide a defensive barrier for health information; however, implementing a robust reactive strategy is imperative to protect valuable patient and health information. By implementing SpearTip’s managed security services into your Zero Day malware protection strategy, your healthcare company gains an advantage over relentless cyber criminals.

About the Author:

Jarrett Kolthoff has over two decades of experience in the Information Security field. He is a former Special Agent with U.S. Army Counterintelligence. His expertise includes cyber investigations, counterintelligence, and Fusion Cell analysis. Jarrett currently serves as President/CEO of SpearTip LLC, a global cyber security and cyber counterintelligence firm with its corporate headquarters in St. Louis, Mo.