UK Health System Infected by Ransomware
May 12, 2017
In a cautionary tale for all companies, but especially healthcare organizations, on May 12, 2017, multiple news sources reported that a broad cyberattack using ransomware caused substantial interference with critical systems across Europe, Russia and Asia. (See e.g., New York Times, BBC News and Silicon Angle.)
According to the New York Times, the attacks were accomplished by exploiting a vulnerability that was discovered and developed by the U.S. National Security Agency. The vulnerability was thereafter leaked by the hacking group Shadow Brokers, which has been spreading stolen N.S.A. hacking tools since last year. The malware, referred to as “WannaCry” ransomware, was circulated by email that contained encrypted and compressed file attachments. Once loaded by clicking on the email’s attachment, the ransomware infiltrated its target’s systems by encrypting the data and blocking user access.
In the case of the UK health system, the infections resulted in significant disruptions to patient care and affected British hospitals, doctors’ offices and ambulance corps. Britain’s Health Secretary categorized it as a “major incident” and warned that local health services could be overwhelmed by patients. Doctors were blocked from accessing patient records and emergency rooms diverted patients to other facilities for treatment.
In addition to the UK medical providers, large companies throughout the world were reported to be affected, including Spanish companies such as telecom Telefónica, Iberdrola, Gas Natural and Vodafone, universities in Italy and other entities in Turkey, Vietnam, the Philippines, Japan and Russia. Once infected, the entity was locked out of its computer systems and records, and demands were displayed requiring ransom be paid in Bitcoin in order for access to be restored to the entity’s data.
Notably, according to the New York Times article, Microsoft had provided a patch for the vulnerability in March, but “hackers took advantage of the fact that vulnerable targets – particularly hospitals – had yet to update their systems.” All entities should take the attack as a learning opportunity, whether or not they were directly impacted. Despite the cost and inconvenience, it is essential that everyone stay abreast of constantly evolving security threats and remain up to date on available technological protections. The bad guys are constantly trying new tools to assault the security of computer systems, and organizations must be careful to upgrade their locks!