Healthcare Cybersecurity Weekly Briefing 5-19-2017

Ransomware Makes Healthcare Wannacry
“Healthcare organizations are particularly vulnerable to these attacks because awareness about email authentication is still quite low in the sector as a whole. In order to protect the nation’s healthcare infrastructure from future ransomware attacks, we encourage all security executives to ensure their organizations have proper email authentication at enforcement,” said ValiMail CEO Alexander Garcia-Tobar. “It only takes a click from one person to endanger an entire enterprise.”

U.S. Hospitals Not Immune to Crippling Cyber Attacks
It is no secret health care providers are worried. One large hospital system in Boston took some drastic steps this weekend, disabling all attachments in e-mails—even though WannaCry can spread without any victim interaction, Fu says. “I would say we had dodged a bullet [compared with the U.K.], but I think the bullets are still coming and we know we are just as vulnerable,” he says, noting the malware could be further tweaked to cause future problems.

Medical Systems Hacks Are Scary, but Medical Device Hacks Could be Even Worse
Researchers in Belgium and the UK have demonstrated that it’s possible to transmit life-threatening (if not fatal) signals to implanted medical devices such as pacemakers, defibrillators, and insulin pumps. A catheter lab in a Virginia facility was temporarily closed when malware was discovered on the computers supporting cardiac surgery. In three other similar cases, malware capable of opening up “backdoor” access to a hospital’s IT network was found in software residing on X-ray, blood gas analyzer, and communications devices.

The Threat of Cyber-attacks and Data Breaches on Healthcare Institutions
Data from healthcare institutions is particularly valuable because it contains sensitive personal information, such as social security numbers, date of birth, address details and medical histories. That data could in theory be sold to companies looking to carry out targeted advertising. However, in more worrying cases, the information obtained is held for ransom (usually by locking data and threatening to delete it) and a demand for payment (usually in untraceable bitcoins) is made. Interestingly, the amount of ransom sought is usually low in value as the success of this crime only works if the victim can afford to make the payment.

Why Health Care is Especially Vulnerable to Ransomware Attacks
It’s still too early to gauge the fallout from this digital delinquency. But the breach highlights a stark—and scary—reality about health IT: Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers, and other personal information hostage barring a big payout. In fact, the FBI has issued several stark warnings about the unique and growing threat ransomware presents to health care companies specifically in the past few months.

Medical Devices Hit by Ransomware for the First Time in US Hospitals
A source in the healthcare industry passed Forbes an image of an infected Bayer Medrad device in a U.S. hospital. The source did not say which specific hospital was affected, nor could they confirm what Bayer model was hacked. But it appears to be radiology equipment designed to help improve imaging. More specifically, it’s a device used for monitoring what’s known in the industry as a “power injector,” which helps deliver a “contrast agent” to a patient. Such agents consist of chemicals that improve the quality of magnetic resonance imaging (MRI) scans.

Held Hostage by Ransomware? There is Insurance for That. 
According to Ben Myers, commercial lines producer with the Insurance Office of America, the standard “network extortion” coverage includes the cost of the ransom, experts to assist with removing the ransomware and the loss of income to your business in the event you are forced to cease operations during the attack. Additionally, as cyber insurance is a relatively new market, Mr. Myers advises that the varying insuring provisions can be purchased at a relatively low rate given the risk being assumed by the insurance company.

UK Working to Restore Hospital Systems After Cyberattack
Britain’s National Cyber Security Center said Saturday that teams are working “round the clock” to restore hospital computer systems after a global cyberattack that hit dozens of countries forced British hospitals to cancel and delay treatment for patients. In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained. The extortion attack, which locked up computers and held users’ files for ransom, was believed the biggest of its kind ever recorded, disrupting services from the U.S. to Russia, Spain and India.

Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing at:


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.