On Friday, a ransomware attack affected everything from hospitals to corporate offices in England, Russia, Spain, Vietnam, Turkey, Japan and other nations, according to The New York Times. As of Friday afternoon, cybersecurity firm Avast reported seeing 75,000 detections in 99 countries.
The ransomware, called “Wanna Decryptor,” was sent via email. Once the encrypted file is downloaded, the computer user is locked out and prompted to pay a ransom to regain access to files. The requested ransom appears to be about $300, payable in Bitcoin.
The attack exploits a vulnerability in Microsoft software that was discovered by the National Security Agency and leaked by a group called the Shadow Brokers. In March, Microsoft released a patch to fix the vulnerability. But not every organization has updated its software.
This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. At this stage we do not have any evidence that patient data has been accessed. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.
Officials with NHS said at least 25 organizations had been impacted by the cyberattack, according to The New York Times. NHS hospitals and other facilities have been forced to cancel procedures, redirect patients and use pen and paper in the absence of computers.
Imprivata CIO Aaron Miri said it’s not surprising that the attack targeted healthcare organizations. “In this case, healthcare is a soft target,” he told MedCity in a phone interview. Miri listed several reasons for this, including a lack of funding for vulnerability protection and a lack of education and awareness.
“People are the weakest link in everything,” he said. Miri noted that people working in healthcare are trusting, which doesn’t come in handy when it comes to cyberattacks. “By nature, they’re good people, and unfortunately the bad guys notice,” he said.
HHS officials have also commented on the attack, according to FierceHealthcare. In a statement, Laura Wolf, chief of the critical infrastructure protection branch at HHS, said:
HHS is aware of a significant cybersecurity issue in the UK and other international locations affecting hospitals and healthcare information systems. We are also aware that there is evidence of this attack occurring inside the United States. We are working with our partners across government and in the private sector to develop a better understanding of the threat and to provide additional information on measures to protect your systems. We advise that you continue to exercise cybersecurity best practices — particularly with respect to email.
MedCity reached out to several top U.S. hospitals, including UCLA Health, which sent the following statement via email:
Maintaining data security is a top priority requiring constant vigilance. On an ongoing basis, UCLA Health works with leading experts and applies substantial resources to enhance preparedness and combat criminal cyberattacks. Publicly discussing specific measures taken or providing additional detail may compromise our information technology security efforts.
But it’s not just the healthcare industry that’s been affected. Spain’s Telefónica, Russia’s MegaFon and America’s FedEx have also reportedly been hit.
Ed McAndrew, a partner at Ballard Spahr, commented on the global nature of the attack. “It will be harder for the attackers to remain hidden,” he told MedCity in a phone interview. “The money has to flow back to them somehow.”
The attack will also bring to light whether each organization had patched the vulnerability, McAndrew said. “The one bright spot is that we should end up with pretty good data about the entities that suffered, which should be telling,” he added.