Three weeks after the WannaCry malware virus encrypted IT systems across the globe, two large health systems in the U.S. are still dealing with the aftermath.
Despite reports that the U.S. healthcare system was largely spared from the WannaCry attack that affected hospitals in the U.K.’s health system, the Department of Health and Human Services (HHS) issued an alert Monday indicating the agency knows of two “large, multi-state” hospital systems that are dealing with “significant challenges to operations because of the WannaCry malware.”
HHS offered no information regarding which two systems are still affected or what operational difficulties those systems were currently facing, but noted that the “virus can persist on a machine that has been patched” and disrupt the operating system as it scans the network.
The agency warned providers that the virus could persist on computers that were infected prior to a patch update.
“A newly patched system could have been previously infected, and if so, would still scan for other vulnerable systems and/or encrypt files,” the notice read. “Patching a system is similar to how in physical medicine, a quarantine will prevent an infection from spreading however will not cure the patient who has been quarantined.”
HHS recommended hospitals patch systems and disable Windows’ Server Message Block version 1 (SMBv1) protocol on all devices and on the firewall if possible. Systems should also consider quarantining devices where SMBv1 cannot be disabled.
The alert came days after the HHS Cyber Security Task Force released a comprehensive report detailing the security gaps across the healthcare industry.
Previous reports indicated that medical devices manufactured by Bayer and Siemens were infected with the WannaCry virus, but there have been virtually no reports of hospital disruption. Some said U.S. businesses had more time to react to the virus, while several cybersecurity experts have warned that the next attack could have much more substantial disruption to patient care.