WannaCry attack, which impacted healthcare in May, blamed on North Korea

The WannaCry ransomware attack which affected hospitals in the United Kingdom and medical devices in the U.S. was the work of hackers in North Korea, according to Homeland Security adviser Tom Bossert.

The National Security Agency had linked the attack to North Korea soon after it occurred, affecting hundreds of thousands of devices across 150 countries. In a briefing at the White House on Dec. 19, Bossert said they “now have the evidence to support this assertion,” finding a “concerted effort” behind the attack which the U.S. believes was directed by the North Korean government.

“The consequences and repercussions of WannaCry were beyond economic,” he wrote in an opinion piece published by the Wall Street Journal. "The malicious software hit computers in the U.K.'s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk.”

The virus was spread by exploiting a security vulnerability in older versions of Microsoft’s Windows operating system, which has later traced back to a stolen NSA cyber tool. Many British hospitals which were affected hadn’t applied a March security patch which covered this vulnerability or were using much older operating systems, such as the 16-year-old Windows XP. In the U.S., the impact was more limited, as the virus was only reported to have infected some Bayer and Siemens medical devices.

Bossert said future attacks can be mitigated by private sector organizations, including those in healthcare, alerting government agencies when they receive phishing emails or other signs of a cyberattack.

“We want them to increase our sharing of information with us, and then as we move forward and become more sophisticated in this administration, we’re going to ask them to look into sharing more technical information on how they’re architected and where their exposure points are,” he said.

""
John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup