As widespread cyberattacks hit organizations worldwide last week, the United Kingdom’s National Health Service emerged as one of the most affected entities. While the global WannaCry ransomware attack, named for its “.WCRY” extension on file names, is still ongoing, Europol, the European Union's law enforcement agency, reported Monday that 200,000 computers in 150 countries have been affected thus far, including at 16 NHS organizations.
— Shaun Lintern (@ShaunLintern) May 12, 2017
What We Know So Far
The source of the attack appears to be an unsecured weakness in several organizations’ server message blocks, according to Kaspersky Lab’s global research and analysis team.
While the NHS said it has no reason to believe at this point that patient data has been accessed, many hospitals in Britain’s NHS system, as a result of the attack, were forced to turn patients away; ultimately, a cybersecurity researcher managed to thwart the attack by accessing a “kill switch” within the malware. Many hospitals are now slowly returning to normal operations.
The NHS said in a statement that it believes the malware variant is “Wanna Decryptor,” noting that the organization is working closely with the U.K.’s National Cyber Security Centre, the Department of Health and NHS England to support affected organizations. It has also released guidelines on how organizations can protect themselves against cyberattacks.
Now, U.S. healthcare organizations are bracing for ransomware attacks as the threat continues to spread.
“United States Computer Emergency Readiness Team (US-CERT) has received multiple reports of WannaCry ransomware infections in several countries around the world,” said an alert from the Department of Homeland Security distributed by the Office of the National Coordinator for Health Information Technology. “Ransomware spreads easily when it encounters unpatched or outdated software.”
HHS is aware of a significant cyber security issue affecting hospitals & health systems. Be xtra careful about opening e-mails/attachments.
— Deven McGraw (@HealthPrivacy) May 12, 2017
A recent survey by the Centre for International Governance Innovation (CIGI) found that most organizations are not prepared for a ransomware attack, finding that only 16 percent of people worldwide say they would be in a position to retrieve their data from a backup if hit with a ransomware attack.
The U.S. has thus far managed to escape the worst of the attack. The American Hospital Association noted that industry leaders were watching the attacks unfold with the aim of staying out in front of possible incidents.
“Hospital leaders are monitoring what is happening in the U.K. and around the world, using the lessons learned in previous attacks and applying best cybersecurity practices in an effort to anticipate and respond to existing and emerging threats. While cyber threats will continue against the health care field, we remain committed to working with HHS, policymakers, law enforcement, and hospitals and health systems to mitigate risk and protect the information of patients,” the AHA said in a May 15 statement.
5 Ways Healthcare Organizations Can Protect Themselves
As U.S. healthcare organizations look to shore up defenses, the attack serves as a reminder that securing devices and networks against cyberthreats should be top of mind for industry executives on a daily basis.
“Healthcare organizations can address this issue by making sure to block any unneeded services (file sharing, web services, etc.), utilizing multifactor authentication for remote access to resources, and most importantly, keeping up to date with current operating systems and patches,” says Mitchell Parker, executive director of information security and compliance at IU Health.
He offers five quick pieces of advice for how healthcare organizations can protect themselves from similar ransomware attacks:
1. Make sure to keep all systems as up to date as possible with security patches and updates.
2. Make sure any third-party or cloud-based vendors that host your applications or data also keep up to date with security patches and updates.
3. Ensure that your firewalls and anti-virus software are up to date and well maintained.
4. Have an up-to-date education program that instructs users on how to spot and detect potential ransomware threats, and give them guidance on how to report them.
5. Constantly reinforce the security message with your user community.
Medical devices were some of the worst hit in the attack. Read more here for tips on how to better secure medical equipment.
Despite the recent attacks, Parker believes that cybersecurity in the healthcare field is getting better all the time.
“With the recent emphasis on incident response, downtime procedures, and recovery from the Joint Commission and other organizations, we think that healthcare as a whole is significantly more ready than in the past. Now that they are involved, this is a business issue rather than just another one for the IT bucket,” says Parker.