Attack on computer systems worldwide highlights critical importance for hospitals and medical laboratories to regularly update IT infrastructure and software
While Internet connectivity and automation are changing the landscape of both healthcare and diagnostic testing facilities, it is also creating new ways for things to go catastrophically wrong. The WannaCry ransomware attack on May 12th highlights the critical need for hospitals, medical practices, pathology groups, and clinical laboratories to constantly update the software and systems powering much of their healthcare continuum.
After infection, the ransomware encrypts 179 different file types on the system it’s attacking. It then demands payment in bitcoins to remove the encryption and restore access to files. Clinical laboratories should be wary of any suspicious e-mail attachments and apply security updates to vulnerable systems as soon as possible.
Ransomware Attacks on UK and US Health Systems
According to The Guardian, WannaCry infected 48 of the 248 NHS trusts in England over the weekend. The New York Times reported delays and complications accessing and recording essential patient information at Royal London Hospital.
This isn’t the first example of ransomware impacting healthcare providers. Dark Daily reported cyber-attacks on Bakersfield’s Kern Medical Center in 2011 and on Washington, DC’s, MedStar Health in a 2016 e-briefing.
Cyber-attacks were also a major discussion at the 2017 Frontiers in Laboratory Medicine (FiLM) convention in Birmingham, England.
User Participation Not Required to Spread Infection
What makes WannaCry different from past cyber-attacks is how it spreads. While many attacks rely on users downloading or opening a file on each infected computer, the WannaCry exploit scans the network of any infected computer and automatically spreads to vulnerable systems where it continues to spread.
According to articles on National Public Radio (NPR) the first reports of infection were from Spain and Britain. By the weekend, reports were showing up around the world.
The investigation into who released WannaCry is still underway. At the time of writing, multiple kill switches have helped stop its spread. However, in another New York Times article, Matthieu Suiche, founder of Comae Technologies in Dubai, notes, “… it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.”
Lack of Funding Hinders Keeping Healthcare Systems Secure
One of the most challenging aspects of avoiding situations such as the WannaCry outbreak is the complex nature of keeping laboratory information systems (LISs) and hospital information systems (HISs) up to date. Already, many pathology labs rely on proprietary software and tools to communicate, analyze, and process data. This means that installing updates to core network services or infrastructure is not always as simple as pressing a button and waiting for a computer to reboot.
Speaking with The Washington Post about the latest cyber-attack, Tom Kellermann, chief executive of Strategic Cyber Ventures said, “The most exploitable industry in the world is the healthcare sector.” He later attributes this to a lack of computer security funding and increasingly complex regulations.
However, these concerns are just one part of the problem. Sometimes the vulnerable software isn’t upgradable—such as embedded middleware software powering an expensive piece of equipment, or a proprietary solution, that will not run properly on newer operating systems.
Replacing equipment that might cost hundreds of thousands of dollars over an obscure security vulnerability isn’t an easy item to fit into already-tight diagnostic laboratory or hospital budgets. Rewriting entire sets of software is equally costly—both in time and financial investment.
Ensuring Best-Defense Against Attacks on Medical Laboratories
The WannaCry ransomware highlights this issue. Microsoft addressed the vulnerability used by the WannaCry ransomware in a March 14 Critical Security Bulletin. However, these bulletins and updates only work with currently supported versions of Microsoft’s Windows operating systems. And even then, only if installed.
Microsoft went against its standard practices and released patches for older operating systems to address the security vulnerabilities exploited by WannaCry on May 13, 2017. However, these patches do little to address the problems facing companies that are operating the estimated 200,000 computers already compromised and encrypted.
While the initial wave of infections appears over. Pathology laboratories and medical groups should exercise caution in the coming days and weeks. Cyber-attacks are not new, but they’re likely to increase as new exploits are found or large attacks gain global notoriety and attention. Already, Comae Technologies is reporting new variations of the WannaCry ransomware appearing in the wild.
Although technology continues to drive innovation and competition within the laboratory market, these same advances create ways for attackers to reach sensitive systems and create complications. Clinical laboratories and anatomic pathology groups that perform regular security audits, and which focus on updating tools and software, will provide a best-defense against future ransomware and malware releases.