FirstHealth of the Carolinas reports network disruptions from a ‘new form’ of WannaCry

A North Carolina-based health system that serves 15 counties throughout the state is grappling with system disruptions associated with what it calls a “new form of the WannaCry virus.”

FirstHealth of the Carolinas began experience network downtime last Tuesday which it traced to a malware attack, according to an announcement on its website. The health system quickly shut down its network and initiated standard downtime precautions while it combed through more than 4,000 devices and more than 100 locations connected to its network.

As of Friday, the system was still experiencing downtime. FirstHealth said thanks to the security team’s “quick response,” no patient information was compromised and no damage had occurred to the network or devices. The system was experiencing delays in appointment cancellations, but as of Friday, the downtime had not impacted emergency care.

“The virus was a new form of the WannaCry virus,” FirstHealth said in an announcement. “An antivirus patch has been developed specifically for this virus and is being implemented throughout the FirstHealth system. This patch will be added to antivirus software available for others in the industry to apply to their systems.”

RELATED: After WannaCry, experts worry healthcare’s vulnerabilities will make the next ransomware attack even worse

FirstHealth operates four hospitals across North Carolina along with dozens of specialty clinics and physician practices. A health system spokesperson did not immediately respond to a request for an update. It was not immediately clear what new form of the virus the system had encountered.  

The WannaCry malware attack first emerged in May, shutting down dozens of hospitals across the U.K.’s NHS system and left at least two major U.S. systems dealing with significant operational challenges for weeks afterward.

The attack was traced back to a vulnerability in Microsoft operating systems for which the software company had released a security patch months earlier. However, many hospitals had not updated their systems, in part because patch management continues to be an overwhelming task for health systems with hundreds of connected devices.