Last Week in Healthcare: Massive Cyber Attack Nearly Shuts Down the NHS

Posted May 15, 2017
By George McLaughlin

One of these weeks, I’m going to share a heartwarming story about a healthcare discovery that promises to improve the lives of millions of patients around the world. Unfortunately, this isn’t that week.

Last Friday, news broke that the NHS (National Health Service, UK) was dealing with a massive ransomware attack that locked staff out of their computers and threw dozens of healthcare facilities into a state of chaos.

It soon became apparent that the NHS was not the sole target of the attacks; rather, it was a highly vulnerable entity brought to its knees by a broader attack that saw a malware variant named “WannaCry” released on the world. (View map of attacks)

In addition to the NHS, other high-profile organizations including Telefonica (Spain), Renault (France), Deutsche Bahn (Germany), Sberbank (Russia), and FedEx (USA) were impacted. All told, over 74 countries and 200,000 computers were affected, making the WannaCry attack one of the largest, most successful cyber attacks in history.

Today, the world is still making sense of the attack and what can be done to prevent something similar from occurring in the future. Although patches and protocols to stop the spread of the attack have been made available, there are still very real concerns that the attack will impact more users before it is entirely snuffed out.

In the following sections, I will attempt to distill what we know about the attack and its impact on healthcare. If you’re looking for a more technical breakdown of the attack, I highly recommend this blog from the good folks at Talos.

What exactly is “ransomware”?

Ransomware refers to malicious software that blocks access to files on a computer until a ransom is paid, most commonly in the form of Bitcoin. Common ways it takes hold include a user clicking on a link or downloading a file or, in the case of this attack, the malware spreading throughout a network of computers after impacting one user. The affected computers at the NHS displayed this message:

[Screenshot: the message displayed on affected NHS computers]

How do these attacks start?

Unfortunately, attacks often start with a “phishing” e-mail: a message that looks like a real e-mail but carries a link or attachment that, once downloaded, unleashes the malware program on your computer. Sometimes these attacks are limited to one user, but in the case of WannaCry, the program was designed to search the local network for specific weaknesses and spread like wildfire without needing anyone else to click on a link or download a file. This is why it was so devastating. Before you chalk this all up to one careless employee, watch this video from Cisco that demonstrates just how easy it is to be a victim of a phishing e-mail: