After wave of overseas attacks, WannaCry ransomware sighted in U.S. hospital

by Roy Edroso on May 18, 2017
The WannaCry ransomware exploit that heretofore had not been seen in the U.S. is reported to have infected at least one medical device in an American hospital.
 
Our report on this incursion in the latest issue of Part B News deals with WannaCry, which has attacked several foreign health care entities overseas including Britain's National Health Service, as a pending threat to U.S. health care providers, but it appears the threat already has landed.
 
Forbes reported May 17 that "a source in the health care industry passed Forbes an image of an infected Bayer Medrad device in a U.S. hospital. The source did not say which specific hospital was affected, nor could they confirm what Bayer model was hacked. But it appears to be radiology equipment designed to help improve imaging...."

Forbes also reported that "a Bayer spokesperson confirmed it had received two reports from customers in the U.S. with devices hit by the ransomware but would not say which specific products were affected."

WannaCry has device makers nervous: Security blog Threatpost reported that device makers such as Siemens and Becton Dickinson have sent alerts to their customers. 

Also, Reuters reported May 15 that the U.S. Department of Homeland Security reported that "a small number of U.S. critical infrastructure operators have been affected" by WannaCry, though none was in the U.S. government.

"Medical devices used in offices, hospitals and homes -- such as infusion pumps, ventilators, monitors defibrillators, laboratory equipment and much more -- are generally woefully unprotected against security threats," Steven Hausman, president of Hausman Technology Presentations in Gaithersburg, Md., tells Part B News. "What would happen if an attacker decided to modify settings on a drug pump? What if they reprogrammed a defibrillator to not provide an electrical shock when it was expected to do so?"
 
For tips on defending against this threat, see our story in the current Part B News
Blog Tags: Privacy, security
The information contained herein was current as of the publication date. © Copyright DecisionHealth, all rights reserved. Electronic or print redistribution without prior written permission of DecisionHealth is strictly prohibited by federal copyright law.