Dive Brief:
- WannaCry, the malware that crippled dozens of hospitals in the United Kingdom two years ago, is still prevalent and attacking healthcare companies, according to a new report from cybersecurity firm Armis.
- About 40% of healthcare delivery organizations have experienced at least one WannaCry attack in the past six months, largely because of older, unmanaged devices that are difficult to patch, according to the report.
- The findings come a week after Microsoft disclosed a vulnerability in Windows 7 and other older operating systems that it warned could be exploited by self-spreading malware, the same kind of propagation that let WannaCry move between unpatched machines without any user interaction. The healthcare sector has the highest rate of older systems in use (followed by manufacturing and retail), with more than 70% of organizations still running Windows 7 or older versions, according to Armis.
Dive Insight:
Two years ago this month, WannaCry made headlines as nearly 200,000 infections were detected in more than 100 countries. About 40 U.K. hospitals were forced to suspend normal services and accept only emergency patients. A few months later, a WannaCry variant was blamed for disrupting a North Carolina health system, forcing it to shut down its network.
And according to Armis, WannaCry is still very much a threat. "In healthcare organizations, many of the medical devices themselves are based on outdated Windows versions, and cannot be updated without complete remodeling," Ben Seri, VP of research at Armis, said in the report.
Device security is a major concern for healthcare organizations. Legacy systems that providers frequently use lack basic cybersecurity controls and often aren't properly vetted before being connected to a network, according to research from Vectra. Verizon's 2019 mobile security survey found that more than three quarters of respondents felt IoT devices presented the greatest cybersecurity threat for hospitals.
FDA is working to push organizations toward better security. Its Medical Device Safety Action Plan calls on manufacturers to build security update and patch capabilities into products at the design stage and sets out procedures for disclosing vulnerabilities discovered once products are already on the market.
WannaCry is ransomware: it encrypts files on an infected machine and demands payment to restore them. Armis said more than $325 million has been paid out in ransom for WannaCry, part of a more than $4 billion price tag when disruption costs are included.
Armis says the malware is still active in 103 countries, with more than 145,000 compromised devices worldwide and at least 3,500 successful attacks per hour. Because WannaCry spreads on its own across a network, the firm notes that even a single infected device "can be used by hackers to breach your entire network."
But many healthcare organizations still aren't devoting a lot of resources to shoring up their systems. Most don't have a C-suite leader dedicated to managing cybersecurity and barely more than half routinely conduct risk assessments, according to Black Book Market Research.