FirstHealth Attacked with New WannaCry Ransomware Variant
FirstHealth of the Carolinas, a Pinehurst, SC-based not-for-profit health network, has been attacked with a new WannaCry ransomware variant.
WannaCry ransomware was used in global attacks in May this year. More than 230,000 computers were infected within 24 hours of the global attacks commencing. The ransomware variant had wormlike properties and was capable of spreading rapidly and affecting all vulnerable networked devices. The campaign was blocked when a kill switch was identified and activated, preventing file encryption. However, FirstHealth has identified the malware used in its attack and believes it is a new WannaCry ransomware variant.
The FirstHealth ransomware attack occurred on October 17, 2017. The ransomware is believed to have been introduced via a non-clinical device, although investigations into the initial entry point are ongoing to determine exactly how the virus was introduced.
FirstHealth reports that its information system team detected the attack immediately and implemented security protocols to prevent the spread of the malware to other networked devices. While the attack was detected rapidly, the ransomware did spread to other devices in the same work areas.
FirstHealth has issued a statement confirming the ransomware attack did not involve the encryption of patient information, and reports that its Epic EHR was unaffected. However, access to its Epic system has been blocked as part of its security protocol to prevent the encryption of patient data and the system is still inaccessible. The MyChart service is online, but no information has been uploaded to the system since the attack occurred.
Even though the attack was limited, it has caused considerable disruption. FirstHealth has the arduous task of individually checking 4,000 devices spread across 100 locations to confirm they have not been infected with the virus – a process that will take a considerable amount of time.
FirstHealth is continuing to provide medical services to patients, although the health network has had to cancel some appointments and patients are experiencing delays due to the lack of access to its systems. FirstHealth said, “Our team is working tirelessly to remediate the virus and get our system back up to be fully operational.”
FirstHealth says a patch to address the vulnerability exploited by the new WannaCry ransomware variant has been developed and is being applied to all vulnerable devices. FirstHealth said, “This patch will be added to anti-virus software available for others in the industry to apply to their systems,” suggesting it is not the same patch (MS17-010) that was made available by Microsoft in March to block the SMB flaw that the May 2017 WannaCry attacks exploited.