Impact of WannaCry on the Healthcare Industry

By John Chirhart, Federal Technical Director, Tenable

The recent WannaCry attacks are a stark reminder that cyber-attacks don't always discriminate among their victims. The ransom amount ($300) is a sign that this attack targeted both citizens and businesses. Though the ransom is expensive for the average citizen, it is the hidden cost of the attack that really deserves notice. The NHS's hospitals were severely affected by the attack. Though no official reports have been produced, this attack could very well have cost human lives. The disruption of medical services, even by minutes, can make the difference between life and death. Even in combat, hospital facilities and medical personnel are off-limits. Article 14 of the Geneva Convention strictly forbids attacks on medical facilities and personnel.

It is rumored that the technology behind the WannaCry attack came from a leaked cyber capability created by a nation state. If proven true, this amounts to someone stealing a weapon from a military and using it against innocent citizens. This attack put lives at risk for financial gain. One could argue that this was a terrorist attack and possibly even a war crime. It will be interesting to see what legislation or international response, if any, follows the attack. It would be a truly remarkable day if we could see a cyber-attack discussed or condemned before the United Nations Security Council.

Attack and IoT
The ransom amount ($300) was likely designed to target users desperate to retrieve their digital memories collected over the years. Though expensive to a regular user, the amount was "feasible" in terms of total potential loss. In a nutshell, it was a business decision. One area where this is not the case is Operational Technology (OT) devices. A big buzzword these days is IoT, or Internet of Things. The security research teams at Tenable affectionately refer to IoT and other similar technologies, such as Industrial Control Systems (ICS), as OT.

The impact of WannaCry on OT is far greater than imagined. For example, medical devices such as Computed Tomography (CT) Scanners are connected to control systems. These control systems often run "legacy" operating systems such as Windows XP. Merely reloading the operating system on these controllers can cost thousands of dollars and leave the device down for service for days. A CISO for a major U.S. hospital chain recently confided that it costs $10,000 to "reload" the controller for one CT device. The total cost of the attack could easily reach levels previously unimaginable.
