Ransomware Attacks Make Hospitals ‘WannaCry’


Last week’s ransomware attacks against 16 British hospitals and countless other companies is driving home the importance of securing data against an expected wave of future cyberattacks. The attacks were the result of the WannaCry virus, which encrypted hospital data and asked for a cash payment to unlock it.

In the immediate aftermath, every hospital management team in the country should be meeting over the next few days to determine how they’ll handle future attacks, Alisa Chestler, an attorney with Baker, Donelson, Bearman, Caldwell & Berkowitz, told me. “They shouldn't feel like they're secure just because they passed this test. There will be more to come and they need to ask the hard questions in advance,” Chestler said.

The attack exploited a vulnerability within Microsoft Windows that had been discovered and patched in a March update, but many hospitals outside of the U.S. don’t use licensed software and aren’t alerted to software updates, Colin Zick, an attorney with Foley Hoag LLP, told me. That could explain why the U.S. wasn’t hit as hard by the attack, Zick said.

Zick said information technology professionals are on the case when it comes to the WannaCry virus, but cautioned that the attacks will never end. While regularly updating and patching software is essential, Zick said employee responsibility is just as important. Employees need to be trained not to click on every email that comes across their screen, Zick said, noting that by one estimate 20 percent of employees click on email embedded with malicious software, also known as malware.

Beyond the British hospitals, the WannaCry virus hit over 200,000 computers in 150 countries, attacking companies including FedEx, Nissan and Renault.

Read my full article here.

Stay on top of new developments in health law and regulation with a free trial to the Health Law Resource Center.

Learn more about Bloomberg Law and sign up for a free trial.