The fall-out from WannaCry continues, particularly in the healthcare sector.
There are new reports that WannaCry affected at least two hospital systems in the U.S. and encrypted medical devices (power injector systems) in the hospitals.
There are additional anecdotal reports that other medical devices were affected by WannaCry. According to medical device company spokesmen, if a hospital’s network was exposed to WannaCry (or any other successful ransomware attack), then medical devices attached to the hospital’s network could also be exposed. Medical device companies are working with the hospitals that were affected by WannaCry.
Hospitals that patched the vulnerability were not affected, which again emphasizes the importance of pushing patches.
Nonetheless, understanding the ramifications of ransomware to all devices connected to the network is crucial to a risk management program, particularly since the hackers–Shadow Brokers–are threatening to release new exploits on a monthly basis that will cripple the healthcare (and other) industries.
Predictions are that wide reaching massive exploits are the new reality and will continue to hit companies, including the healthcare industry, frequently. Protecting medical devices from these exploits may save lives.