On Tuesday, Feb. 7, 2023, HonorHealth received multiple email messages that were part of a large campaign dubbed “QakNote.” The QakNote campaign was a variation of a previous campaign that utilizes the “QakBot” malware. The QakNote campaign utilized a Microsoft OneNote notebook attachment on the email message. When opened, the notebook contained a link that downloaded a malicious file. The intention of the malicious file was to create a foothold in our environment, allowing the remote attacker to pull down further malicious files of their choosing, such as ransomware.

At HonorHealth, we follow a strategy referred to as “defense in depth,” which is layering security products and methodologies. We have multiple checks of an email message before it reaches your inbox, and then if you are reading or executing it on an HonorHealth workstation, there are local checks and blocks as necessary. As a final method of protection, any outbound internet activity is monitored and malicious connectivity is blocked. In this instance, our local protections on our workstations prevented this attack where the malicious link was opened.

As this attack was well crafted and enacted quickly against several organizations at once, it made it through several layers of our protection. The importance of vigilantly inspecting emails, including the links and attachments within, has never been greater. We rely on you to help keep HonorHealth secure and ensure we can provide the level of patient care we are known for. Please help protect HonorHealth – think before you click.

Read the full Epic and IT update HERE