Late last week, many countries around the world fell victim to the WannaCry ransomware attack. The cybersecurity breach targeted healthcare organizations and made its way to the US, after first heavily affecting the National Health Service (NHS).
The attack impacted more than 150 countries and over 230,000 individual computers. Other affected organizations included Telefonica and Deutsche Bahn.
WannaCry is a ransomware program targeting Microsoft’s Windows operating system. The attack used common ransomware tactics including spreading phishing emails. But what made WannaCry particularly dangerous was its use of the EternalBlue exploit, allegedly developed by the National Security Agency (NSA).
EternalBlue exploits Microsoft’s Server Message Block protocol. WannaCry targeted old, unsupported operating systems. Many healthcare organizations still use Windows XP and Windows Server 2003, which are no longer supported and updated by Microsoft.
The attack was essentially stopped by a researcher known as MalwareTech, who found an unregistered domain name in the ransomware. This individual redirected the domain to a sinkhole server and activated a “kill switch,” effectively stopping the attack from spreading further.
However, healthcare organizations are still potentially vulnerable to WannaCry.
“One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again,” MalwareTech stated in his official blog. “It’s incredibly important that any unpatched systems are patched as quickly as possible.”
Microsoft released a security update, MS17-010, on March 14, 2017. Many organizations had still not installed the security patch, which gave WannaCry access to their networks.
In an attempt to prevent more damage, Microsoft released a security update for Windows XP, Windows 8, and Windows Server 2003. These operating systems are well past their support cycles and had not received security patches for some time.
US-CERT stressed the vulnerabilities that unpatched and outdated IT infrastructure systems may expose.
“Ransomware spreads easily when it encounters unpatched or outdated software,” US-CERT explained. “The WannaCry ransomware may be exploiting a vulnerability in Server Message Block 1.0 (SMBv1). For information on how to mitigate this vulnerability, users and administrators are encouraged to review the US-CERT article on Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010.”
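One way to check a single Windows host for the SMBv1 exposure US-CERT describes, as an added example that is not from the original article, US-CERT, or Microsoft. The function name `Get-Smb1Exposure` is hypothetical, and the registry locations used on older systems are assumed to follow Microsoft's SMBv1 guidance; run it from an elevated PowerShell prompt.

```powershell
# Added example: report-only SMBv1 audit for the local host. It changes nothing.
# Get-Smb1Exposure is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1Exposure {
    # SMBv1 server: newer Windows versions expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    } else {
        # Older Windows: LanmanServer 'SMB1' registry value. A missing value
        # means the default applies, which is SMBv1 enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = if ($null -eq $val -or $val -ne 0) { 'Enabled' } else { 'Disabled' }
    }

    # SMBv1 client: the mrxsmb10 driver service; Start = 4 means disabled.
    $drv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -ErrorAction SilentlyContinue
    $client = if ($null -eq $drv) { 'NotPresent' } elseif ($drv.Start -eq 4) { 'Disabled' } else { 'Enabled' }

    # Assumption: a major version below 6 is the Windows XP / Server 2003
    # generation that the article describes as unsupported.
    $ver = [Environment]::OSVersion.Version
    $legacy = $ver.Major -lt 6

    $findings = @()
    if ($server -eq 'Enabled') { $findings += 'SMBv1 server is enabled' }
    if ($client -eq 'Enabled') { $findings += 'SMBv1 client driver is enabled' }
    if ($legacy) { $findings += 'Operating system generation is out of support' }
    if ($findings.Count -eq 0) { $findings += 'No SMBv1 exposure found by these checks' }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OSVersion  = $ver.ToString()
        Smb1Server = $server
        Smb1Client = $client
        LegacyOS   = $legacy
        Findings   = $findings -join '; '
    }
}

Get-Smb1Exposure | Format-List Computer, OSVersion, Smb1Server, Smb1Client, LegacyOS, Findings
```

This reports SMBv1 configuration only; it does not confirm that the MS17-010 update is installed, which has to be verified separately against the bulletin for the host's operating system.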
HHS advised healthcare organizations to remain cautious in the aftermath of WannaCry, stressing in an email the following steps to protect against ransomware:
- Only open up emails from people you know and that you are expecting. The attacker can impersonate the sender, or the computer belonging to someone you know may be infected without his or her knowledge.
- Don’t click on links in emails if you weren’t expecting them – the attacker could camouflage a malicious link to make it look like it is for your bank, for example.
- Keep your computer and antivirus up to date – this adds another layer of defense that could stop the malware.
Organizations are also advised to report any ransomware attacks to the Internet Crime Complaint Center (IC3).
While WannaCry was very damaging to the healthcare industry, it also serves as a wake-up call for maintaining strong cyber hygiene. Healthcare organizations cannot continue to use outdated, unsupported infrastructure technology.
Entities often postpone upgrading technology because it can be expensive or because their current systems still work well. Organizations can have a difficult time justifying spending their budgets on infrastructure technology upgrades when there isn’t anything actively wrong with their current systems.
Many healthcare organizations also still use Windows XP to support a significant piece of their IT infrastructure. Windows XP works well for what it’s deployed to do, but it’s also unsupported, which makes it a massive risk to network security.
Updates are an important part of cybersecurity. Hackers are becoming better at infiltrating health IT systems and have a much easier time infiltrating a network through a vulnerability that has remained unchanged for years.
Newer operating systems are constantly changing and patching these vulnerabilities, offering better protection against attacks.
Healthcare organizations need to prioritize updating their operating systems to protect against small and large-scale attacks.