Attack on computer systems worldwide highlights critical importance for hospitals and medical laboratories to regularly update IT infrastructure and software

While Internet connectivity and automation are changing the landscape of both healthcare and diagnostic testing facilities, it is also creating new ways for things to go catastrophically wrong. The WannaCry ransomware attack on May 12th highlights the critical need for hospitals, medical practices, pathology groups, and clinical laboratories to constantly update the software and systems powering much of their healthcare continuum.

After infection, the ransomware encrypts 179 different file types on the system it’s attacking. It then demands payment in bitcoins to remove the encryption and restore access to files. Clinical laboratories should be wary of any suspicious e-mail attachments and apply security updates to vulnerable systems as soon as possible.

Ransomware Attacks on UK and US Health Systems

While not specifically targeted at healthcare systems or medical laboratories, the UK’s National Health Service (NHS) has already seen the damage ransomware can do.

According to The Guardian, WannaCry infected 48 of the 248 NHS trusts in England over the weekend. The New York Times reported delays and complications accessing and recording essential patient information at Royal London Hospital.

This isn’t the first example of ransomware impacting healthcare providers. Dark Daily reported cyber-attacks on Bakersfield’s Kern Medical Center in 2011 and on Washington, DC’s, MedStar Health in a 2016 e-briefing.

Cyber-attacks were also a major discussion at the 2017 Frontiers in Laboratory Medicine (FiLM) convention in Birmingham, England.

User Participation Not Required to Spread Infection

What makes WannaCry different from past cyber-attacks is how it spreads. While many attacks rely on users downloading or opening a file on each infected computer, the WannaCry exploit scans the network of any infected computer and automatically spreads to vulnerable systems where it continues to spread.

According to articles on National Public Radio (NPR) the first reports of infection were from Spain and Britain. By the weekend, reports were showing up around the world.

The investigation into who released WannaCry is still underway. At the time of writing, multiple kill switches have helped stop its spread. However, in another New York Times article, Matthieu Suiche, founder of Comae Technologies in Dubai, notes, “… it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.”

Lack of Funding Hinders Keeping Healthcare Systems Secure

One of the most challenging aspects of avoiding situations such as the WannaCry outbreak is the complex nature of keeping laboratory information systems (LISs) and hospital information systems (HISs) up to date. Already, many pathology labs rely on proprietary software and tools to communicate, analyze, and process data. This means that installing updates to core network services or infrastructure is not always as simple as pressing a button and waiting for a computer to reboot.

Speaking with The Washington Post about the latest cyber-attack, Tom Kellermann, chief executive of Strategic Cyber Ventures said, “The most exploitable industry in the world is the healthcare sector.” He later attributes this to a lack of computer security funding and increasingly complex regulations.

However, these concerns are just one part of the problem. Sometimes the vulnerable software isn’t upgradable—such as embedded middleware software powering an expensive piece of equipment, or a proprietary solution, that will not run properly on newer operating systems.

Replacing equipment that might cost hundreds of thousands of dollars over an obscure security vulnerability isn’t an easy item to fit into already-tight diagnostic laboratory or hospital budgets. Rewriting entire sets of software is equally costly—both in time and financial investment.

According to a Washington Post article, the ransomware attack in the UK “had immediate impacts in hospitals across the country. Operations were canceled, emergency room services were scaled down, and medical personnel went back to using handwritten notes.” (Image copyright: The Washington Post.)

Ensuring Best-Defense Against Attacks on Medical Laboratories

The WannaCry ransomware highlights this issue. Microsoft addressed the vulnerability used by the WannaCry ransomware in a March 14 Critical Security Bulletin. However, these bulletins and updates only work with currently supported versions of Microsoft’s Windows operating systems. And even then, only if installed.

For networks and systems running Microsoft’s Windows XP, Windows 8, or Windows Server 2003 platforms, the protections were not available without extended support from Microsoft.

Microsoft went against its standard practices and released patches for older operating systems to address the security vulnerabilities exploited by WannaCry on May 13, 2017. However, these patches do little to address the problems facing companies that are operating the estimated 200,000 computers already compromised and encrypted.

While the initial wave of infections appears over. Pathology laboratories and medical groups should exercise caution in the coming days and weeks. Cyber-attacks are not new, but they’re likely to increase as new exploits are found or large attacks gain global notoriety and attention. Already, Comae Technologies is reporting new variations of the WannaCry ransomware appearing in the wild.

Although technology continues to drive innovation and competition within the laboratory market, these same advances create ways for attackers to reach sensitive systems and create complications. Clinical laboratories and anatomic pathology groups that perform regular security audits, and which focus on updating tools and software, will provide a best-defense against future ransomware and malware releases.

—Jon Stone

Related Information:

Disruption from Cyber-attack to Last for Days, Says NHS Digital – As It Happened

Ransomware Attacks Ravage Computer Networks in Dozens of Countries

Malware, Described in Leaked NSA Documents, Cripples Computers Worldwide

Growing Global Cyberattack Hits 200,000 Victims So Far

New WannaCry Ransomware and How to Protect Yourself

WannaCry — The Largest Ransomware Infection in History

Hackers Hit Dozens of Countries Exploiting Stolen NSA Tool

Hacking Attack Has Security Experts Scrambling to Contain Fallout

Ransomware’s Aftershocks Feared as U.S. Warns of Complexity

WannaCry —New Variants Detected

Firms Urged to Update IT Systems after WannaCry Attack

Microsoft Windows Now Patched Against WannaCry Ransomware Attack

Microsoft Issues ‘highly Unusual’ Windows XP Patch to Prevent Massive Ransomware Attack

Cyber-Attacks against Internet-Enabled Medical Devices are New Threat to Clinical Pathology Laboratories

MedStar Health Latest Victim in String of ‘Ransomware’ Attacks on Hospitals and Medical Laboratories That Reveal the Vulnerability of Healthcare IT

Europe’s Medical Laboratory Innovators Convene in United Kingdom to Share Successes in Meeting New Healthcare Challenges, Including Big Data, Genetic Testing, and Digital Pathology