Parker Waichman is investigating potential lawsuits on behalf of patients and healthcare providers who/that were injured due to the recent WannaCry ransomware attack.
The WannaCry ransomware attack on the United Kingdom healthcare service has also attacked at least two Bayer medical devices in the United States, according to Forbes. An image received by Forbes reveals the WannaCry ransom message hides the display of a Bayer radiology system.
Ransomware Fix may Lead to Challenges in Operations
Bayer confirmed it received two reports of WannaCry impacting U.S. customers. This confirmation is the first time ransomware is known to have directly impacted medical equipment in the United States. Bayer indicated that operations were restored within 24 hours, according to FierceBiotech.com. Complete fixes are expected to take a longer time and Bayer intends to send out one corrective patch for devices that run Microsoft Windows “soon.” Meanwhile, experts say that using “Microsoft Windows Embedded family of operating systems on many medical devices” makes the rapid and painless patching of equipment “unlikely.”
“These systems are not always easy to patch for a variety of reasons. Security fixes on embedded devices commonly require a complete firmware update from the vendor which is then manually installed on the device. This can greatly increase patch delays due to the time it takes for vendors to prepare and test a new firmware to ensure that it will not interfere with the intended operation of the medical device,” Craig Young, a computer security researcher at Tripwire, wrote in an emailed statement, according to FierceBiotech.com.
Mr. Young also noted that devices should not be used while firmware is being installed and updated; however, FierceBiotech.com. pointed out that this has flagged many hospitals, including those in the United Kingdom, which are spread thin and are not reasonably able to reduce their technology capacity. Mr. Young suspects that hospital administrators under-appreciate the dangers that are posed by outdated software. Given the choice of challenging difficulties that will likely occur from taking a device offline for maintenance and the threat of a security breach, hospital administrators may choose against patching technology. “This “if it ain’t broke don’t try to fix it” mentality can be tremendously detrimental to hospital security,” Mr. Young added.
The result of the WannaCry ransomware attack may leave healthcare systems open to taking preventative measures and device makers are looking to take advantage of the opportunity, according to FierceBiotech.com.
System users may protect some devices by installing a patch from Microsoft; however, this may only be applicable to certain product lines. One company recommends hospitals use firewalls to block access to certain network ports. If that is not possible, disconnection of the device from the network until the patch or other fix is installed, is strongly recommended, FierceBiotech.com. pointed out.
What Is Ransomware?
There are different types of ransomware and all will prevent the normal use of a PC and will ask the user to do something before using the PC, according to Microsoft. Ransomware may target any PC user: Home computers, endpoints in an enterprise network, servers used by a government agency or a healthcare provider, according to Microsoft.
Ransomware may prevent access from Windows, encrypt files and make them unusable, and stop certain apps—such as the web browser—from running. At the same time, ransomware will make a demand for money—the ransom—to obtain access to the PC or its files. In some cases, ransomware may ask the user to complete a survey, noted Microsoft. Meanwhile, paying the fine or doing whatever it is that Ransomware asks does not guarantee access to the PC or files again.
There are two types of ransomware: Lockscreen ransomware and encryption ransomware. Lockscreen ransomware shows a full-screen message preventing the user from accessing the PC or its files and the message may indicate that a ransom may have to be paid to achieve access to the PC again. Encryption ransomware changes files so that the files are unable to be opened by encrypting the files, Microsoft noted.
Some older versions of ransomware have made claims that the user has done something illegal with the PC and that the user is being fined by a police force or government agency. The claims are bogus and are simply a scare tactic designed to make PC users pay the money without telling those who might be able to restore the PC. Newer versions, however, encrypt the files on the PC so that they are not accessible, then demanding money for file restoration, according to Microsoft.
Microsoft notes that ransomware may attack a PC from nearly any source that any other malware, including viruses, comes from such as by visiting unsafe, suspicious, or fake websites; opening emails and attachments from people either unknown by the user or that the user is not expecting; and clicking on malicious or bad email links in Facebook, Twitter, and other social media posts and instant messenger chats, including Skype.
It may be very challenging to restore a device, such as a PC, following a ransomware attack, especially if the device is infected by encryption ransomware. Microsoft notes that the best solution to ransomware is to be careful on the internet, with emails, and with online chats; do not click on a webpage link or a link in an email or chat message unless you trust the page or sender.
Fake webpages and emails tend to have bad spelling and/or may simply present as bizarre. There may be odd spellings of company names. Microsoft provided the example “PayePal” instead of “PayPal”; unusual spaces, symbols, or punctuation such as “iTunesCustomer Service” instead of “iTunes Customer Service”.
Ransomware has become a global problem and the United States and the United Kingdom are not alone. According to Microsoft, the U.S., Italy, Russia, Korea, and Spain experienced the most ransomware attacks in 2016.
Microsoft indicates that there are a serious amount of emails that carry ransomware downloaders with some 500 million such emails sent out every quarter. The email attachments reach millions of computers and, in 2016, Microsoft tracked over 200 ransomware “families.” Over half of these families were discovered only in 2016. This means that cybercriminals are routinely releasing new ransomware. In 2016, Cerber and Locky were the most prominent ransomware families. WannaCry is a ransomware family.
ZDnet.com, points out that cyber-security professionals are saying that the WannaCry ransomware attack should be taken as a warning of the impact that just basic malware may have. Because of its worm-like features, WannaCry was able to rapidly spread through an infected network, while using a vulnerability in some of the versions of Windows.
Authorities worldwide are working on identifying the perpetrators; however, according to ZDnet.com, the ransomware campaign might have been due to a considerably amateur operation that spiraled out of control. “This doesn’t look like a very professional ransomware,” said Orli Gan, product manager at security company, Check Point, speaking at the company’s CPX conference in Milan, Italy, just days after the WannaCry epidemic.
What is known is that much of the code that made WannaCry was built by the NSA to exploit the EternalBlue Windows vulnerability. It was then leaked by the Shadow Brokers, which means that anyone could access it. “What we see in the malware is actual evidence of the attackers just taking code from that Github page, so we can draw a direct line from the malware, back through to the NSA exploits,” said Yaniv Balmas, malware research team leader at Check Point. Those behind WannaCry have been chaotic in the way in which they “bolted” the ransomware onto the code, which researchers say organized, professional, cybercriminal groups would not do. “The ransomware built on top of it is pretty amateur and also what you can see is the amount of money received is significantly lower than in other cases,” said Gan. Just a few hundred ransom payments of $300 in Bitcoin were paid to the attackers who potentially cannot tell who has paid them, according to ZDNet.com “That also points to this not being a professional organization,” she added.
“If someone can put a name to a face behind this attack and show this person is being prosecuted for the damage they’ve caused, there will be an impact. But as long as long as people keep seeing the crime goes unpunished, this cyber-threat will [continue to] enter the real world,” said Gan.
Ransomware has experienced great success, netting cybercriminals $1 billion in 2016, alone, because it works. Individuals will pay ransom demands to get their encrypted files back, ZDNet.com pointed out. “If people keep paying for ransomware, you’re basically only paying for the next ransomware. If people stop paying for ransomware, it’ll stop. So until you stop paying for it, you can expect to see more campaign,” said Balmas.
Filing a Ransomware
If you or someone you know is interested in filing a personal injury lawsuit over losses or injuries due to ransomware, please contact the law firm of Parker Waichman LLP today. Our firm offers free, no-obligation case evaluations. For more information, fill out our online form or call 1-800-YOURLAWYER (1-800-968-7529).
New York City, Long Island, New Jersey, and Florida
Our personal injury lawyers New York City are here to help you when you need it the most.