On Friday, May 12th, hospitals around the world fell victim to the malicious ransomware known as WannaCry. Starting that morning, medical workers logged into their computers to find a startling discovery: their files were now encrypted, blocked from their access and replaced by a demand for $300 in bitcoin. Though experts are still uncovering new information, they suspect that, unlike many ransomware attacks, WannaCry spread directly through vulnerabilities already installed in Windows computers during a March systems update. In other words, there was likely no need to trick people into opening a malicious link–the infection may very well have slipped directly into computers.
As the virus spread, many healthcare facilities had no choice but to cancel patient appointments, sometimes even mid-procedure. All across the globe, hospitals turned patients away, telling them that they would have to wait unless it was an emergency. The WannaCry attack was clearly a catastrophe, but what could have been done to prevent it?
One of the biggest preventative measure a facility can take is to back up all of its data in as many places as possible, ideally off-site. Cloud-based storage systems are a great way to keep valuable information close at hand, though industry experts also recommend keeping extra hard copies in a completely separate facility or even a different city. The more copies of patient information a hospital has, the greater chance they have of being able to restore their data without paying the ransom, thereby rendering the hackers’ demands empty.
Additionally, healthcare professionals must take care to update their security software regularly. The more outdated a piece of software, the more time hackers have had to comb it for vulnerabilities. The same is true for operating systems. Many of the computers affected by WannaCry ran years-old Windows XP software that lacked modern protection measures, meaning that the ransomware had a much easier time breaking in.
Though the WannaCry attacks were devastating, they also served as a major wake-up call for the global healthcare industry. In order to provide patients with the greatest possible standard of care, it is essential that all medical facilities take precautionary steps to secure and back up their data in as many ways as possible.