Medical Devices Reportedly Infected in Ransomware Attack

Elizabeth Snell | Health IT Security | May 16, 2017

The recent WannaCry ransomware attack that infiltrated more than 150 countries and forced some European healthcare organizations to suspend certain services reportedly infected certain medical devices as well. HITRUST explained in an email update that its investigations found that MedRad (Bayer), Siemens, and other unnamed medical devices were infected. Furthermore, Indicators of Compromise (IOCs) “were identified within the HITRUST Enhanced IOC program well in advance of last Friday’s attacks,” the organization stated.

“HITRUST is reaching out to healthcare organizations and trade associations to provide information to detect, prevent and remediate the threat and associated malware,” HITRUST said. “HITRUST identified the IOCs in advance of last Friday and published them to the HITRUST CTX and has been publishing guidance continuously since Friday, May 12th.”

The WannaCry ransomware attack targeted Microsoft’s Windows operating system, and also utilized the EternalBlue exploit that was allegedly developed by the National Security Agency (NSA). EternalBlue exploits Microsoft’s Server Message Block protocol. Healthcare organizations typically still use Windows XP and Windows Server 2003, which are no longer supported and updated by Microsoft. Microsoft released a security update, MS17-010, on March 14, 2017. However, had organizations not yet installed the update the malware may have been able to have easier access to the systems...