Healthcare News & Insights

Global ransomware attack wake-up call for hospitals

The latest big ransomware attack has put hospitals across the globe on high alert for cybersecurity. Although U.S. hospitals weren’t hit as hard as those in other countries, facilities still need to make sure their IT infrastructure could withstand a similar event.

On Friday, May 12, a ransomware assault, dubbed “WannaCry” after the software used to execute the cyberattack (WanaCrypt0r 2.0), hit a variety of countries. By Monday, internet security firm Avast reported that there were 213,000 different versions of the attack in 112 countries – many of which were directed at healthcare facilities.

In the UK, at least 36 hospitals, ambulance companies and doctors’ offices were affected by the WannaCry attack, according to an article in the New York Times. Patients’ health records weren’t accessible for hours as England’s National Health System scrambled to respond to the ransomware incident. Many hospitals had to turn patients away until they got the problem under control.

The malware, stolen from the National Security Agency (NSA), encrypted files in hospitals’ systems, making them inaccessible to staff. The hackers then demanded a ransom in Bitcoins ($300 and up) to restore hospitals’ access, threatening to destroy all data if it wasn’t paid.

WannaCry rapidly spread throughout computers in all types of organizations, from telecom giants in Russia and Spain to the U.S.-based offices of FedEx.

WannaCry took advantage of a security vulnerability in Microsoft Windows servers. Although Microsoft had fixed the issue in a recent software patch, hackers knew that many organizations would either ignore the update or were using computers with operating systems too old to be updated. Because this happens often in healthcare systems, hospitals were one of their top targets.

Hospitals’ response to ransomware

The WannaCry attack only shows that hackers are growing bolder, and their attacks are becoming larger in scale. Hospitals must make sure their systems and software are regularly updated with the latest patches to protect confidential data and ensure constant system uptime.

It can be tough for hospitals to keep track of all the computer equipment and medical devices that need updating. To help with this, all facilities need a dedicated IT security specialist on staff. According to an article in FierceHealthcare, only about 15% of small and medium-sized hospitals have a qualified IT security person to handle these issues.

Hospitals should also regularly reach out to their vendors for electronic health records (EHR) systems and other computer hardware to stay on top of any required updates or patches. Vendors aren’t always proactive about providing this information, so it’s on hospitals to make sure they’re running the most up-to-date version of their EHR and other software.

Healthcare cybersecurity experts warn that just because hospitals in America weren’t hit by WannaCry doesn’t mean they should take IT security lightly. In fact, they should use the scope of these attacks as motivation for allocating additional resources to bolster hospital networks and systems. That way, they’re less likely to be impacted by a similar incident in the future.
