Ransomware hospital threat

WannaCry and ransomware impact on patient care could “cause fatalities”


The chances of a serious patient care incident occurring as a result of ransomware have been heightened by the latest attacks on the healthcare sector and could ultimately result in fatalities, cyber-security industry experts have warned.

A week after the WannaCry worm caused NHS stroke centres to close, X-ray sessions to be cancelled and surgery to be postponed, these incidents underline ransomware’s capability to bring critical organisational operations to a standstill, says McAfee chief scientist Raj Samani: “Whether it disrupts an MRI scanner, forces a hospital to cancel surgeries or prevents a doctor from finding patient information, ransomware can impede healthcare treatment and risk patient well-being”.

Speaking this week at a media briefing hosted by the No More Ransom project, Samani said that it takes a large hit on the healthcare sector to fully underline the direct impact cyber-crime now has: “We see cyber-criminals collaborating, sharing tools and working together to unleash attacks and make them as lucrative as possible, often ignoring the backlash of how it affects citizens around the globe”.

Samani adds: “Updating IT security systems is not always as simple as it might seem. For instance, many systems – particularly in the healthcare sector – must remain available all the time and, as a result, finding time to update and reboot them is not easy.”

WannaCry had a large impact on UK healthcare institutes, reportedly causing some hospitals to prioritise or turn away patients – thereby putting human lives at risk, says Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Technology failures and cyber-attacks will inevitably result in human deaths, I believe – if they haven’t already,” he says.

Nachreiner caused controversy in 2013 when he forecast that a ‘digitally-dealt death’ would likely occur as hackers turned their attention to disrupting increasingly-connected critical systems.

“One of my security predictions for this year was that ‘Cyber Cold War’ would result in civilian ‘casualties’,” he explains. “By that, I meant that one of the zero-day vulnerabilities that governments stockpile would get into the wrong hands and be exploited against a private organisation or a citizen.

“The ‘casualty’ in that prediction was meant to be metaphoric – a civilian computer hit by a nation-state exploit. WannaCry has already proven this prediction true – it leveraged an NSA leaked vulnerability – but, unfortunately, it almost made this prediction literal as well.”

Nachreiner adds: “Our societies’ large and growing reliance on networked technology means that even small disruptions can have unintended consequences. I would not be surprised if a cyber-attack had life-threatening consequences [before the end of] this year (2017) – intended or accidental.”

The No More Ransom project is an initiative by international law enforcement agencies and cyber-security companies, with the goal of helping victims of ransomware retrieve their data without having to pay criminals.
