The WannaCry ransomware attack which devastated the UK’s National Health Service has highlighted the extreme vulnerability of medical systems internationally against a new class of criminals, reports Fortune.
A cadre of amateur hackers took advantage of security flaws in widely-used Microsoft operating systems with a technique gleaned from none other than the U.S. National Security Agency (NSA)—and consequently brought a nation’s health system to its knees while throwing patients’ lives into disarray.
It’s still too early to gauge the fallout from this digital delinquency. But the breach highlights a stark—and scary—reality about health IT: Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers, and other personal information hostage barring a big payout. In fact, the FBI has issued several stark warnings about the unique and growing threat ransomware presents to health care companies specifically in the past few months.
A 2017 Verizon Data Breach analysis found that a staggering 72% of all health care malware attacks in 2016 were ransomware. And the financial services sector is the only industry that’s targeted more than health care.
There are some obvious reasons that make the medical sector such an enticing target for criminals. For one, health information is simultaneously intensely personal, accompanied by crucial financial information, and universal—after all, health care consumerism isn’t so much a choice as it is an ontological necessity of being a human.
Microsoft’s vulnerable software was leaked from the NSA, putting hundreds of thousands at risk.
And then there’s the glacial process of health IT progress, at least on the administrative end. Medicine may be making science fiction-level advances; but the systems which house its day-to-day information have yet to receive the same 21st century jolt. Protective measures haven’t caught up with would-be attack methods, and human error—whether it be falling for phishing scams or a hospital administrator failing to change his or her password—continues to be a major hurdle to data security.Some companies are trying to tackle digital attacks with their own advanced tech.