Cybersecurity experts warned that businesses around the world could face a second wave of ransomware attacks this week following Friday’s attack that infected more than 200,000 computers in 150 countries, including hospitals in Britain.
Officials with Europol, the European Union’s law enforcement agency, told The Guardian that businesses across the globe were likely to see a fresh round of attacks when employees returned to work on Monday. Copycat variants of the malware could also contribute another wave of attacks this week after a 22-year-old British researcher that goes by the name “MalwareTech” stumbled on a “kill switch” that slowed the spread of the initial virus.
NHS hospitals, which were forced to divert patients from the emergency room and cancel scheduled surgeries on Friday, were slowly recovering from the attack. NHS Digital was offering 24/7 support to hospitals affected by the attack, nothing that the “vast majority of NHS organizations” are running contemporary systems.
NHS Barts Health, which operates four hospitals in London, was still dealing with the aftermath of the attack on Monday morning. Although the system was accepting patients to its emergency departments and no longer diverting ambulances, Barts continued to “experience IT disruption” Monday morning and had reduced the volume of planned services.
Britain's defense secretary, Michael Fallon, told the BBC over the weekend that NHS was repeatedly warned about cyberthreats and was given £50 million to update its systems. Europol Director Rob Wainwright added that the WannaCry attack is “unprecedented in scale” and told British journalist Robert Peston that the attack “sends a very clear message that all sectors are vulnerable.” He urged NHS to follow the example of the financial industry that has invested in cybersecurity.
In the U.S., President Donald Trump appointed his homeland security adviser, Thomas P. Bossert, to coordinate a response. Bossert told ABC News on Monday that “for right now, we’ve got it under control.” The deputy director for health information privacy at the HHS Office for Civil Rights warned providers to be careful about opening email attachments.
HHS is aware of a significant cyber security issue affecting hospitals & health systems. Be xtra careful about opening e-mails/attachments.— Deven McGraw (@HealthPrivacy) May 12, 2017
As of Friday, HITRUST said it had not received any reports of an attack on a U.S. hospital.
After indicating that it had seen “evidence” of attacks on Friday, the Department of Health and Human Services issued an update over the weekend warning providers that attackers were scanning the internet for Remote Desktop Protocol (RDP) servers as an entry point for the malware.
“Once connected, an attacker can try to guess passwords for users on the system, or look for backdoors giving them access,” HHS said in an emailed statement. “Once in, it is just like they are logged onto the system from a monitor and keyboard.”
In a blog post published on Sunday, Brad Smith, Microsoft’s president and chief legal officer, called out the U.S. government for “stockpiling” vulnerabilities, noting that the WannaCry malware used in the attack was stolen from the NSA and published by hackers. Smith urged the government to report vulnerabilities to vendors “rather than stockpile, sell or exploit them.”
“The governments of the world should treat this attack as a wake-up call,” he wrote. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
Several former government officials also weighed in on the attack, highlighting the importance of updating and securing health IT systems.
We don't talk enough about security of our healthcare infrastructure. We need to get 1000x better for whats coming https://t.co/nMJE42351N— dj patil (@dpatil) May 12, 2017
Don't agree w premise here. Some devices have outdated operating systems, but no regulatory reason not to apply routine security patches https://t.co/5lwDWpW4yN— Farzad Mostashari (@Farzad_MD) May 13, 2017
Today, especially. Keep your patches up to date every day. https://t.co/xwZKIRlOvW— Lucia Savage (@SavageLucia) May 12, 2017
At least one legislator noted that the largest cyberattack to date highlighted the acute concerns around cybersecurity, particularly for hospitals.
“This is big: around the world, doctors and nurses are scrambling to treat patients without their digital records or prescription dosages, ambulances are being rerouted, and millions of people’s data is potentially exposed,” Sen. Ben Sasse, R-Neb., said in a statement. “Cybersecurity isn’t a hypothetical problem—today shows it can be life or death. We’ll likely look back at this as a watershed moment.”