Hacking Attack Has Security Experts Scrambling to Contain Fallout | The New York Times
Governments, companies, and security experts from around the world raced to contain the fallout from last week’s audacious global cyberattack amid fears that if they did not succeed, data would be lost forever unless ransom demands were met. The efforts came less than a day after malicious software (“WannaCry”) that was stolen from the National Security Agency (NSA) infected more than 300,000 computers across nearly 150 countries in one of the largest “ransomware” attacks on record. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx, German transport giant Deutsche Bahn, and the Spanish telecommunications firm Telefónica. Healthcare organizations were hit particularly hard given that their computer networks are often older, unpatched, and lack strong cybersecurity measures. The British National Health Service was one of the largest institutions affected, with ambulances and doctors’ offices impacted in 45 of its hospitals, cancellation of non-vital surgeries, and certain hospital operations shut down.
This ransomware began with unsolicited emails, which are typically designed to trick the user into clicking a link or downloading an attachment. Once the link is clicked or the attachment opened, the ransomware leverages a known flaw in Microsoft Windows and begins to replicate itself and spread across whatever network that computer is connected to. In addition, the ransomware forces the computer to run the malicious code that encrypts all sorts of files – once those files are encrypted and locked away from the user, the attackers then ask for a ransom payment (often in Bitcoin) to release the data. While a British cybersecurity researcher inadvertently found a way to stop the ransomware from spreading after less than 48 hours, the attack has set off fears that the effects of the continuing threat will be felt for months, if not years. This week, a new flaw found in widely used networking software could leave tens of thousands of other computers and additional medical devices potentially vulnerable to a similar attack, and many of those computers are feared to be too old to be patched or fixed. And while the latest ransomware attack was certainly not the only internationally scaled cybersecurity threat in recent years, this attack’s consequential impacts served as a stark reminder of the significant vulnerabilities at the intersection of technology and medicine.
With an eye towards mitigating similar cyber attacks and increasing preparedness and resilience to cyber risks, the Pell Center conducted a cybersecurity tabletop exercise just three days before the WannaCry attacks, focusing specifically on the challenges and potential responses to growing cyber threats in the healthcare sector. The exercise included a ransomware attack similar to WannaCry, in addition to a series of other cyber intrusion scenarios (i.e., disruption of services, email spoofing, phishing attack directed at patients, DDoS attack, data exfiltration) created to identify weaknesses common in the healthcare industry. The exercise was also designed to show how different cyber threat vectors can infiltrate even the most sophisticated computer systems and networks, and to explore possible remedies and incident responses. The overall objective was to provide healthcare organizations and state agencies with greater insight into the specific cybersecurity issues they face and to explore possible responses and mitigation strategies that could lead to industry-driven solutions.
Various stakeholders participated in this event, including over 60 healthcare providers, practitioners, and insurers, as well as representatives of the RI Department of Health, RI Office of the Health Insurance Commissioner, and law enforcement agencies. The event targeted not just IT administrators and technicians, but also senior managers, security directors, CISOs, CIOs, communication, and HR personnel who all have important roles and responsibilities during a cyber incident. In light of the WannaCry attack and our cybersecurity exercise, we recommend that organizations ensure all software and anti-virus programs are up-to-date; patch operating systems as soon as updates are available; align security controls with the risk and impact to the organization; prioritize responses and resources; educate all employees about malicious content and how to identify and avoid it; limit employee access to resources that aren’t necessary for daily workflow; and join forces with trusted third parties, internal staff, law enforcement, and security organizations.
This event was part of the Rhode Island Corporate Cybersecurity Initiative (RICCI), an ongoing effort aimed at bringing together senior leaders from various sectors in Rhode Island who can effect change and make the state more secure and resilient to cyber threats. In addition, Congressman Jim Langevin (RI-D) joined the group for a keynote address on the future of the healthcare law and on best practices to strengthen the cybersecurity posture of healthcare organizations.