Gajus - Fotolia

WannaCry ransomware attack should push hospitals to gauge certain tech

The WannaCry ransomware attack affected hundreds of countries and hundreds of thousands of systems, including health systems. Experts discuss what healthcare orgs need to do.

In the wake of the WannaCry ransomware attack, two cybersecurity experts suggest that if hospitals are not already using techniques such as multifactor authentication and public key infrastructure certificates, they need to head in that direction.

The ransomware hit the U.K.'s public health system and affected 150 countries, infecting more than 200,000 computers worldwide.

In the U.K., 48 of 248 National Health Service trust hospital networks were reportedly disrupted by this ransomware attack, resulting in staff being unable to access their systems and patients not being able to seek treatment, James Scott, senior fellow at the Institute for Critical Infrastructure Technology in Washington, said in an email. The institute advises the private sector, federal agencies and the legislative community about cybersecurity.

"This was a significant event because the ransomware spread so quickly and without going through email," David Reis, senior vice president and CIO at Lahey Health in Burlington, Mass., said in an email. "It was the worm portion of this event, which used a vulnerability only patched by Microsoft in March that probably contributed to the speed of the propagation."

Healthcare organizations should invest "in comprehensive, layered security solutions that incorporate traditional antimalware, multifactor authentication, etc., as well as bleeding-edge technologies such as AI algorithmic defense solutions, which detects, mitigates and preempts threats before malicious code executes on the system," Scott said.

Multifactor authentication is a security approach in which more than one method of identity verification is needed to allow a login or access.

PKI also promotes greater authentication

Hospitals should also look into public key infrastructure (PKI) digital certificates, Jason Sabin, CSO at DigiCert, a security certification company located in Lehi, Utah, said in an email. PKI certificates allow organizations to:

The WannaCry ransomware attack serves as a reminder of the consequences of lagging cybersecurity across many industries, including healthcare, and the need for improved, standardized practices.
Jason SabinCSO, DigiCert
  • enable efficient and secure patch management and over-the-air updates;
  • authenticate every node in the network, including all devices -- such as mobile and medical devices -- and connection points; and
  • ensure message integrity through PKI deployment to only allow recognized and signed code access.

Scott advised that healthcare organizations adopt a layered defense given that ransomware attacks are continuing to escalate in scale.

"Organizations that fail to protect their systems and patients according to best practices and with bleeding-edge technologies, such as defense-grade artificial intelligence solutions, will be easy victims for even unsophisticated cyberattackers," Scott said. 

WannaCry causes surgery delays, ambulance diversions

WannaCry is malware that may be based on a stolen U.S. National Security Agency (NSA) cyberweapon. Stolen code from the weapon appeared online last year, although the NSA has not confirmed the code was the agency's. The malware entered various organizations' networks by exploiting an EternalBlue, an exploit of Microsoft Windows Server Message Block (SMB), vulnerability.

"The WannaCry ransomware attack serves as a reminder of the consequences of lagging cybersecurity across many industries, including healthcare, and the need for improved, standardized practices," Sabin said. "The WannaCry ransomware attack has led to major impacts across dozens of countries and possibly threatened patient care at NHS hospitals and clinics in the U.K., including causing ambulances to be turned away and surgeries canceled."

Scott said that had a more sophisticated attacker use the EternalBlue exploit, then the effect could have been more severe and patient data could have been stolen, sold and exploited.

"What happens with these kinds of attacks is that [criminals] find the weakest links in the network and then, once inside, the malware spreads like wildfire," Sabin said. Because vulnerable and unpatched SMB protocols in older Windows systems were exploited, Sabin recommends healthcare organizations adopt stronger network security.

Infection path of the WannaCry ransomware worm.
Infection path of the WannaCry ransomware worm.

"We have to think about an amazing array of network risks: employee VPN access, site-to-site VPN access, internet access, file shares and should we move to different technology that is not directly accessible from windows file manager," Reis said. "There is so much to consider and huge implications for how healthcare organizations typically think about internetworking."

Next Steps

The new threat landscape is made up of medical devices

A CIO and CISO share cybersecurity strategies

What needs more cybersecurity? Medical imaging systems

Dig Deeper on Electronic health records security compliance