WannaCry Not Finished With Healthcare

Two Large U.S. Hospitals Still Dealing with Attack

Yesterday, more than three weeks after the first WannaCry attack, the U.S. Department of Health and Human Services reported that two large multistate U.S. hospital systems are still facing significant operational challenges because of the WannaCry malware. On patched devices, the virus stopped short of encryption but has been able to disrupt operations on Windows operating systems – the particular effects vary depending on the version of Windows on the device.

Note – if your device was infected and you patched the software afterward, you have weakened, not stopped, the potential bad effects.

Action Steps

If you believe your system has been attacked by WannaCry, or any other powerful disruptive hack, you should notify your IT staff immediately, consult with your lawyer, who will help navigate reporting to law enforcement and other regulatory agencies, and work with your vendors for a coordinated defense and mitigation plan. And always install patches from your software providers to keep software up to date.

HHS Recommends

  1. Contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#field) to report a ransomware event and request assistance.
  2. Report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
  3. **NEW** If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov