We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated with responding to WannaCry will exceed $4 billion.
Here are our take-aways that may be a useful summary for our readers:
- The healthcare industry is particularly vulnerable to future attacks and should get prepared for them
- Make cybersecurity a risk management priority in the organization
- Implement patches as soon as they are pushed by product companies
- Share cyber intrusion information with authorities to stave off attacks and the spread of attacks
- Get that back-up plan up and running and TEST it
- You get what you pay for if you buy pirated software—which is a crime
- Pay attention to industry alerts as you receive them from the FBI and other governmental authorities
- Consider purchasing appropriate cyber liability insurance to cover losses associated with cyber attacks, data breaches, ransomware and business interruption, and use a broker who is familiar with appropriate coverage
- Check out the resources published by US-CERT and the Disaster Information Management Research Center on WannaCry
- Get involved in the debate of whether the government should share known cyber vulnerabilities with companies—the debate is around whether government intelligence services should balance the use of vulnerabilities in software for espionage and cyber warfare with sharing their findings with technology companies so they can secure the flaw.