What emerged on Friday morning, May 12, European time, and quickly spread across the world as one of the most intensive and extensive ransomware-based attacks to date, affecting organizational operations of all kinds in approximately 150 countries, seemed to have gotten somewhat under control by early this week, even as the attack has jolted the information technology world across the planet.
Variously known as the Wanna Cry or Wanna Decryptor ransomware virus, the phenomenon on Friday virtually shut down several dozen regional health authorities within the National Health Service of the United Kingdom, while simultaneously impacting the operations of such diverse entities as Spain’s national telephone service, La Telefónica; Germany’s railway system, Deutsche Bahn; automotive plants of the French car manufacturer, Renault; the Russian Interior Ministry; and universities in China and Taiwan.
In his breaking news article on Friday, Healthcare Informatics Managing Editor Rajiv Leventhal quoted Creighton Magid, a partner at the international law firm Dorsey & Whitney, who noted that “The cyberattack, using a ransomware bug known as WannaCry, appears to have used an NSA exploit known as ‘Eternal Blue’ that was disclosed on the web by Shadow Brokers. Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch.” Like the DDOS attack last October,” Magid said, “this attack shows that interconnected devices and systems are vulnerable to attack by nations, non-state actors and just plain crooks,” he says, adding that an attack of this scope points to the potential for an entirely different type of damage: shutting down entire businesses, hospital systems, banks, and critical infrastructure.”
As the cyberattack’s impact continued to spread worldwide into and through Saturday, Editor-in-Chief Mark Hagland quoted a report published online at 7:50 AM eastern time that day by The New York Times’ Mark Scott, in which Scott wrote that “The attack is believed to be the first in which such a cyberweapon developed by the N.S.A. has been used by cybercriminals against computer users around the globe. While American companies like FedEx said they had also been hit,” he added, “experts said that computer users in the United States had so far been less affected than others because a British 22-year-old cybersecurity researcher inadvertently stopped the ransomware from spreading,” referring to the Kryptos Logic IT specialist. “The 22-year-old British researcher, whose Twitter handle is @MalwareTechBlog and who confirmed his involvement but insisted on anonymity because he did not want the public scrutiny,” Scott wrote, “found the kill switch’s domain name—a long and complicated set of letters. Realizing that the name was not yet registered, he bought the name himself. When the site went live, the attack stopped spreading, much to the researcher’s surprise.” Scott quoted Matthieu Suiche, founder of Comae Technologies, a cybersecurity company based in the United Arab Emirates, as saying that “The kill switch is why the U.S. hasn’t been touched so far. But it’s only temporary,” Suiche added. “All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.”
As it turns out, that researcher was able to devise a “kill switch” for the virus, which had already shut down patient care delivery at dozens of British regional health authorities, and frustrated operations at a full range of other business, governmental, and educational organizations worldwide.
What U.S. healthcare IT leaders need to know
So what does all this mean for U.S. healthcare providers? A fair amount, say industry experts and observers. “There are several lessons here,” says Mac McMillan, president and CEO of the Austin, Tex.-based CynergisTek IT security consulting firm. “One is an old lesson that we still haven’t learned as an industry, and that is that basic IT hygiene, keeping systems up to date, and not keeping systems you can’t patch, like medical devices, or segmenting them away—that people still aren’t doing those things to the extent that they need to. Basic hygiene could have saved the National Health Service here.” The National Health Service in the U.K. was still operating on the abandoned Windows XP platform, as Hagland noted in his blog on Sunday. And, says McMillan, “That’s insane.”
Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.