In the wake of a cyberattack that struck organizations across the globe, Charleston hospital officials are confident of their readiness for a ransomware strike. Yet systems can't be too careful, an expert in cybersecurity said.
Hackers used software stolen from the National Security Agency to spread WannaCry, which locks a computer's data and holds it hostage until the user pays a ransom. Over 230,000 computers were affected in 150 countries, according to Phishlabs, a cybersecurity company based in Charleston. Among those affected was the National Health Service in the United Kingdom. Non-emergency visits were canceled and staff was instructed to switch to using paper records.
Hospitals are particularly vulnerable to ransomware attacks. They are large systems that depend on sensitive patient information to operate. Local hospital leaders were clear they are prepared for a ransomware attack like WannaCry, but Joseph Opacki, Phishlabs' vice president of threat research, warned systems to be constantly prepared for an attack.
"A lot of people were caught off guard by WannaCry, even though the vulnerabilities were known months ago," he said.
It is still not known how WannaCry initially infected computers. Opacki said a phishing scheme, where computer users click on a fraudulent email, has largely been ruled out. Organizations were put at risk after a hack into an old version of Windows was leaked from the NSA.
Keith Neuman, vice president and chief information officer for Roper St. Francis, said no such vulnerability exists at the hospital system. He was confident Roper St. Francis would be prepared for a ransomware attack.
"Their data is safe with us," he said. "We take all necessary steps to keep it that way."
Neuman said his team responded quickly to the May 12 attack. Reminders were sent to staff to not open suspicious emails or provide any personal information. Neuman said he has been working with local and national law enforcement, as well.
No hospital system in the area — including Roper St. Francis, the Medical University of South Carolina, Trident Health and the Ralph H. Johnson VA Medical Center — reported any impact from WannaCry. Each systems' officials said they were sure their systems are secure.
The VA took immediate emergency measures to guard against a ransomware attack, Meredith Hagen, a public affairs specialist at the VA, said in a prepared statement. The VA blocked all email attachments with a ".zip" extension and restricted access to email websites like Gmail and Yahoo from VA computers.
Communications were sent to employees at Trident Health and MUSC following the attacks, too.
Trident has a detailed recovery procedure in place in the event of an attack, said Rod Whiting, spokesman for Trident Health.
The MUSC community was advised to upgrade their home computers with updated securities. Matt Klein, chief information security officer for MUSC, said the system is under attack daily, just like other health care and higher education organizations. Attackers test the hospital system's security constantly, Klein said in a prepared statement.
Opacki said large, spread-out systems often struggle to implement security policy across their organizations. NHS was vulnerable because the system was still using Windows XP, an operating system that is two generations behind and no longer supported by Windows. A patch to fix the potential hack was released when the vulnerability was discovered, but it hadn't been implemented across the board.
Yet Opacki said he has seen the health care industry make strides in information security, especially in the last two years. It is a slow process for an industry that worked with paper records for decades.
"We're talking about an older structure that's trying to join the digital age," he said.
Opacki said backing up patient information, patching software and communicating with individual employees will reduce the risk a hospital system has of being vulnerable to a ransomware attack. Hospitals should lay these foundations to protect themselves. But he said it's only a matter of time between the next, more advanced ransomware attack.
"You're never fully secure," he said.