WannaCry: How Organizations Can Protect Against It

May 2017

The May 12 WannaCry ransomware attack took down 47 of the U.K.’s 248 National Health System (NHS) trusts. As of May 15, seven were still recovering. The attack, potentially the largest the world has seen, hit healthcare—an industry uniquely at risk from cyber incidents—the hardest.

U.S.-based healthcare organizations were largely spared this time around, but the WannaCry attack is likely just the first of its kind. Here are the top takeaways for healthcare organizations:
  1. This attack is different—and likely not the last, especially for healthcare providers. WannaCry is purportedly based on one or more of the exploits leaked within a cache of powerful NSA hacking tools in April. The May 12 attack was slowed because a) Microsoft issued a patch for the vulnerability, including for outdated versions of Windows operating systems it no longer supports, and b) a British security researcher discovered a “kill switch.” But neither fix helps systems already infected, and attackers could create a new strain of WannaCry that bypasses both.
  2. Healthcare has a target on its back. The industry is the only one that combines the jackpot of highly valuable bulk datasets: personal health information, personally identifiable information, payment information, medical research and intellectual property. That, combined with its reliance on end-of-life technologies and its prioritization of fast access to data over data security, makes it an attractive target for attackers.
  3. Treat ransomware like a medical emergency… and remember, prevention is the best cure. A ransomware infection that blocks access to critical medical data can put patients’ lives at risk, when every second counts. Before a scenario occurs that endangers patients, healthcare organizations should ensure they have preventive measures in place.

The FBI outlines some of those measures in its private industry FLASH alert, including:
  1. Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017. (Organizations using unsupported Windows operating systems including Windows XP, Windows 8 and Windows Server 2003 should follow customer guidance from Microsoft.)
  2. Enable strong spam filters to prevent phishing e-mails from reaching end users. Authenticate inbound e-mail using technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM).
  3. Scan all incoming and outgoing e-mails to detect threats, and filter executable files so they never reach end users.
  4. Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  5. Have regular penetration tests run against the network, no less than once a year, and ideally as often as is practical.
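
As an added example that is not part of the BDO article or the FBI alert, the following read-only PowerShell triage check covers the first measure: it reports whether one of the March 2017 MS17-010 packages is installed and whether SMBv1, the protocol WannaCry spread over, is still enabled. It assumes Windows 7 / Server 2008 R2 or later with PowerShell 3 or newer, run from an elevated prompt; the KB numbers and the registry value are Microsoft's and do not appear on this page.

```powershell
# Added example (not from the BDO article or the FBI FLASH): read-only triage
# for the SMBv1 / MS17-010 exposure that WannaCry exploited. Run elevated.
# Assumes Windows 7 / Server 2008 R2 or later with PowerShell 3+.
# The KB list is the March 2017 MS17-010 release; later cumulative updates
# supersede it, so "not found" means "check update history", not "vulnerable".

$Ms17010Kbs = @(
    'KB4012598',               # Vista / Server 2008, and the XP / 8 / Server 2003 out-of-band packages
    'KB4012212', 'KB4012215',  # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',  # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',  # Windows Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

function Get-Ms17010Status {
    $found = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
    [pscustomobject]@{
        Ms17010KbFound = [bool]$found
        MatchingKbs    = ($found -join ', ')
    }
}

function Get-Smb1Status {
    # The registry value is Microsoft's documented switch for Windows 7 / 2008 R2;
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $regValue = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $cmdletValue = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cmdletValue = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # SMBv1 is on by default on these systems; treat it as enabled unless either control disables it.
    $enabled = -not (($regValue -eq 0) -or ($cmdletValue -eq $false))
    [pscustomobject]@{
        Smb1RegistryValue = $regValue
        Smb1ServerSetting = $cmdletValue
        Smb1Enabled       = $enabled
    }
}

$patch = Get-Ms17010Status
$smb1  = Get-Smb1Status
$patch, $smb1 | Format-List
if ($smb1.Smb1Enabled -and -not $patch.Ms17010KbFound) {
    Write-Warning 'SMBv1 is enabled and no MS17-010 package was found: verify the patch level and disable SMBv1.'
}
```

A host that is patched only through a later cumulative update will show no matching KB, so treat the warning as a prompt to confirm the update history, not as proof of exposure.
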
What if preventive measures fall short? Read more here: https://www.bdo.com/insights/consulting/a-cyberattack-of-unprecedented-scale.
