Two WannaCry Cases Reported in the US, Directly Affecting Medical Equipment At least two Bayer medical devices in the United States have been affected by the infamous WannaCry ransomware attack. The malicious software, which affected over 200,000 organizations in 150 countries, ransoms users for payment to access their files. The United Kingdom healthcare system has been hit particularly hard, as 47 NHS trusts were affected. The cyberattack had a direct result on medical care, forcing appointments and operations to be cancelled and ambulances to be redirected.
Parker Waichman LLP keeps up-to-date with consumer news. The firm continues to offer free legal consultations to individuals with questions about filing a lawsuit.
Now, Forbes reports that Bayer has been affected by the WannaCry ransomware attack. At least two medical devices have been affected. These incidents mark the first-time medical equipment has been affected in the country. Bayer says both situations were remedied within 24 hours.
However, a full solution is still underway, FierceBiotech reports. A patch will be implemented for devices running Microsoft “soon,” says Bayer.
“These systems are not always easy to patch for a variety of reasons. Security fixes on embedded devices commonly require a complete firmware update from the vendor which is then manually installed on the device. This can greatly increase patch delays due to the time it takes for vendors to prepare and test a new firmware to ensure that it will not interfere with the intended operation of the medical device,” said Craig Young, computer security researcher at Tripwire, according to FierceBiotech.
He predicts that some hospital administrators may be against patching technology, as this will force the system to be offline while updates are installed. Young says they may not realize the dangers associated with cybersecurity weaknesses. “This “if it ain’t broke don’t try to fix it” mentality can be tremendously detrimental to hospital security,” he said.
Other medical device makers, including BD and Siemens, have issued recommendations regarding the issue. The companies did not explicitly say that their equipment has been affected. Microsoft has developed a patch, but it only works for certain product lines.
BD says it is “monitoring the developing situation with a large-scale ransomware attack that is affecting healthcare facilities across the globe. The “WannaCry” ransomware encrypts all files on affected computers and demands the administrator pay a ransom to regain control of those files. If affected, healthcare providers may lose access to patient files and experience major IT disruption and delays. At this time, we are actively monitoring the situation and working closely with customers to ensure the appropriate measures are taken to help safeguard our products.”
Siemens stated, “Select Siemens Healthineers products may be affected by the Microsoft vulnerability being exploited by the WannaCry ransomware. The exploitability of any such vulnerability depends on the actual configuration and deployment environment of each product.”
What is WannaCry Ransomware?
WannaCry is a type of ransomware which, as the name suggests, ransoms users for money. The software takes control of the user’s computers and locks their files, refusing to give access until the ransom is paid. The longer the user waits, the higher the ransom price. Hackers threaten to delete the encrypted files if payment is not submitted.
According to the Telegraph UK, the ransomware exploits a flaw in Microsoft’s Software.
The first case of ransomware was documented in the United States in 2005. The software quickly spread across the globe. Hackers usually gain access to a computer through a benign-looking email attachment. If the user opens the attachment, it locks the hard drive and prevents access to the files. For example, you will no longer be able to see your documents, pictures or music.
Hackers demand payment through Bitcoins; the digital currency is widely used among cyber criminals because it is essentially untraceable and unregulated.
Users can protect themselves from ransomware by backing up their files into a separate system. As such, you will not lose your data if subject to a ransomware attack. Victims of ransomware attacks are not advised to pay the ransom. There is no guarantee that you will receive the files as they were previously. If you encounter an attack, experts advise you to restore your files from back up.
Be suspicious of unsolicited emails; a message may look innocent enough but actually contains malware. Additionally, it is advised that you type out the name of a web address instead of clicking on links.
Need Legal Help Regarding Wannacry?
Our Consumer Fraud attorney is here to help you when you need it the most.