A recent worldwide ransomware attack exposed vulnerabilities on computer networks in 100 countries.
The ransomware, dubbed “WannaCry”, locks users out of their computers and demands a bitcoin payment as ransom. Healthcare systems and providers, who depend on access to their files in order to make lifesaving decisions, are at particular risk. Notably, the United Kingdom’s National Health Service (NHS) was hit particularly hard by the attack.
Those who use Windows and did not install the security update released last month by Microsoft were vulnerable to the attack. That security update is free and still available from Microsoft.
The attack could have been much worse. The victims were fortunate that someone observing the attack was able to identify a “kill switch” which prevented the attack from spreading.
Several government agencies have issued responses and made cybersecurity suggestions moving forward.
The FBI recommends strong spam filters to avoid phishing emails. All anti-virus and anti-malware software should be up to date and set to automatically conduct scans. The FBI also suggests training employees to recognize scams and malicious links. Finally, it proposes that “penetration tests” be run annually against the network.
Computers should be backed up to some type of external hard drive in order to protect files and data. A full summary of the FBI’s statement can be found here: FBI statement on WannaCry.
HHS has issued a similar statement detailing cyber security recommendations: HHS cyber security update.
According to the Institute for Critical Infrastructure Technology, the healthcare industry is one of the most frequent targets of malicious attacks.
A report by the SANS Institute noted that, with the rise of electronic health records, more attacks are being waged on the healthcare field.
The costs associated with a cyberattack for a healthcare provider are huge. Large HIPAA compliance fines can be imposed on companies. Additionally, there are costs to handling the incident and notifying victims, as well as lost opportunities, legal costs, new security investments, and the cost of recovering data.