What is ransomware? What is WannaCry (also known as Wanna Decryptor and Wcry)? And, more importantly, how does this relate to the Medical Device/Healthcare industry? These are questions I hope to answer. I have provided a references guide at the end of the post for anyone who wants to know more about this topic, or for verification purposes. Because of the severity of this situation, it is recommended that professionals continue following the WannaCry Ransomware attack as it develops further.
Ransomware is a specific type of cyberattack where hackers take control of a system and hold hostage the system’s data until the company (or individual) agrees to pay the ransom. On May 12th, 2017 the largest attack in history was unleashed, and more than 200,000 companies in more than 150 countries were suddenly held hostage. The primary targets were based in Russia, Ukraine, and Taiwan. (Bodkin, 2017) WannaCry made use of a flaw in Microsoft's operating software discovered by the National Security Agency (NSA). This information was leaked, and hackers used it to infect the vulnerable computers, wipe all data and only leave the WannaCry program and the directions on how to get the data back. In this case, the hackers demanded payment in Bitcoins. (McGoogan, 2017) It was found that computers operating on systems older than 2007 are the most vulnerable. In March of this year, Microsoft offered a free program/patch to their systems that addressed the issues discovered. However, many companies did not update their computers with the patch which left their systems vulnerable. The list of companies who elected not to update their systems included the National Health Service (NHS) in Britain, who was operating on systems more than fifteen years old. (Bodkin, 2017)
By Janice Harvey 2017
Shortly after the ransomware was released, a security expert stalled the attack by activating a "kill switch" found in the program. While this has provided a short respite from the attack, there is concern that the group responsible for the attacks is attempting to bypass the kill switch, so companies need to take quick measures to ensure their data is properly protected from these attacks. (McGoogan, 2017)
The easiest way for hackers to gain access to vulnerable systems is through compromised emails and suspicious websites. "Spear phishing" has been a particularly successful method for hackers to get results; in many cases, these are emails that look like they were sent by company management asking employees to follow links. The Digital Guardian published an article earlier this year discussing phishing attacks with more than twenty cyber security experts and how companies can protect against them—please visit read this article if you want more information. (Lord, 2017)
The impact WannaCry has had on the NHS highlighted the industry’s vulnerability to these attacks. Not only are companies running on outdated systems, but when the industry is impacted, the health and welfare of billions of people was put at risk. When NHS went down, patients waiting for critical operations suddenly found their appointments cancelled, and doctors were left in the precarious position of resorting to note taking with pen and paper while being unable to access medical histories of their patients—which would indicate things like critical statuses and allergies to medications.
Many medical devices run off of software. When this software is not kept updated, it leaves these devices at risk to attacks like WannaCry. Updating software can be expensive and difficult, so more often than not, these devices are left to run on their old systems—I mean, it still works, right? Companies involved in the supply chain for medical devices, from the manufacturers and designers, to the end users, need to find a solution to these difficulties. (AAMI, 2017) How doTUV USA Cybersecurity Man with Umbrella we make it so users can reasonably update the software of these expensive devices (like MRIs) without having to replace them before the device itself is obsolete? These critical questions need to be addressed, and will be a driving factor behind significant conversations in the medical device and healthcare industries this year.
The Association for the Advancement of Medical Instrumentation (AAMI) has announced that cybersecurity of medical devices will be a focal point of their upcoming conference and expo in Austin, Texas from June 9-12. Industry experts are expected to present on this topic, including Kevin Fu, who is an associate professor at the University of Michigan where he directs the Archimedes Center for Medical Device Security.
AAMI. (2017, May 16). Ransomware Attack Serves as 'Wake-Up' Call to Healthcare's Vulnerabilities. Retrieved from Association for the Advancement of Medical Instrumentation (AAMI): http://www.aami.org/newsviews/newsdetail.aspx?ItemNumber=4753
Cara McGoogan, J. T. (2017, May 18). What is WannaCry and how does ransomware work? Retrieved from The Telegraph: http://www.telegraph.co.uk/technology/0/ransomware-does-work/
Henry Bodkin, B. H. (2017, May 13). Government under pressure after NHS crippled in global cyber attack as weekend of chaos looms. Retrieved from The Telegraph: http://www.telegraph.co.uk/news/2017/05/12/nhs-hit-major-cyber-attack-hackers-demanding-ransom/
** Lord, N. (2017, February 28). Phishing Attack Prevention: How to Identify & Avoid Phishing Scams. Retrieved from Digital Guardian: https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
About the Author
Janice Harvey has been with TUV USA since May of 2016, and moved to the Medical Products Division that September. She is currently attending Kaplan University for a Bachelor’s Degree in Business Administration. Janice provides independent content writing for divisions of TUV USA, Inc. She has contributed to the content of the TUV USA website as well. Janice Harvey LinkedIn