As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack, which appears to be spread by phishing emails. There are fears that the number of affected computers could increase significantly when employees start the new work week and turn on their computers. To make matters worse, cybersecurity experts are warning organizations to be alert for new variants of the ransomware that may be released in the coming days.
On Friday, the U.S. Computer Emergency Readiness Team (US-CERT) and the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued warnings to organizations, including those in the healthcare sector, about the global ransomware attacks in which victims are asked to pay a $300 Bitcoin ransom for access to the data being held hostage. Because healthcare organizations require immediate access to patient information and typically have underfunded data security initiatives, they are particularly vulnerable to ransomware attacks. By Friday afternoon, OCR said there was evidence that the cyberattacks had affected U.S. organizations.
According to published reports and US-CERT, the WannaCry ransomware may be exploiting a vulnerability in Microsoft Server Message Block 1.0 (SMBv1). In March 2017, Microsoft released a patch to address the vulnerability. However, organizations that have not yet applied the patch are susceptible to the WannaCry ransomware. To mitigate this vulnerability, US-CERT encourages users and administrators to review the US-CERT article on Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010.
Additional information about the WannaCry ransomware, including preventive measures, is available in US-CERT Alert TA17-132A, Indicators Associated With WannaCry Ransomware.
This incident is a reminder to healthcare organizations of the importance of:
- promptly applying patches for identified computer system and software vulnerabilities;
- maintaining backups of all critical systems and ensuring the backups work correctly; and
- frequently reminding employees to remain vigilant for phishing emails.
We will continue to monitor this developing story and publish updates as necessary.