The WannaCry ransomware exploit that heretofore had not been seen in the U.S. is reported to have infected at least one medical device in an American hospital.
Our
report on this incursion in the latest issue of
Part B News deals with WannaCry, which has attacked several foreign health care entities overseas including Britain's National Health Service, as a pending threat to U.S. health care providers, but it appears the threat already has landed.
Forbes reported May 17 that "a source in the health care industry passed
Forbes an image of an infected Bayer Medrad device in a U.S. hospital. The source did not say which specific hospital was affected, nor could they confirm what Bayer model was hacked. But it appears to be radiology equipment designed to help improve imaging...."
Forbes also reported that "a Bayer spokesperson confirmed it had received two reports from customers in the U.S. with devices hit by the ransomware but would not say which specific products were affected."
Also,
Reuters reported May 15 that the U.S. Department of Homeland Security reported that "a small number of U.S. critical infrastructure operators have been affected" by WannaCry, though none was in the U.S. government.
"Medical devices used in offices, hospitals and homes -- such as infusion pumps, ventilators, monitors defibrillators, laboratory equipment and much more -- are generally woefully unprotected against security threats," Steven Hausman, president of Hausman Technology Presentations in Gaithersburg, Md., tells Part B News. "What would happen if an attacker decided to modify settings on a drug pump? What if they reprogrammed a defibrillator to not provide an electrical shock when it was expected to do so?"