Share this article on:
Recovery from the WannaCry ransomware attacks was a long and complicated process for many healthcare organizations. Recovery from the recent NotPetya attacks has also been problematic.
In contrast to WannaCry, NotPetya is not actually ransomware. While it bears a number of similarities to a strain of ransomware called Petya, the virus is actually a wiper. The attacks initially appeared to involve ransomware, but the aim of the attacks was to wipe out computers and destroy data. A ransom demand was presented on screen claiming payment of a ransom would allow an organization to obtain the keys to unlock data, but access to files cannot be restored as the decryption keys do not exist.
Attacks in the United States were limited, with five known healthcare victims. Princeton Community Hospital in West Virginia is one of the organizations struggling to recover.
Princeton Community Hospital has been attempting to bring its systems back online since the attack last Tuesday. The hospital reports that attacked devices cannot now be used on the hospital’s network. The hospital is having to replace its entire network, including installing new hard drives on all affected devices.
The NotPetya attack caused considerable disruption, although the hospital quickly restored basic access to medical records by installing new computers at strategic points around the hospital. Medical records, details of medications and allergies and other essential information could therefore be accessed through the computers. Efforts are continuing to implement a new network.
Employees have been told on social media and via its website that the attack also took out the quick charge system in the cafeteria, the Meditech payroll system and the Kronos time system.
Even though computer systems were severely affected, inpatient, outpatient and radiology services continued to be provided, although there have been some delays, especially for non-emergency patients. The hospital said it would take a few days for the network to be rebuilt and for significant functionality to be restored.
The Heritage Health System was also affected, with much of its network of hospitals, satellite and community facilities affected. Pharma firm Merck was also attacked, as was Nuance, a Massachusetts based vendor of dictation and transcription services for the healthcare industry. In total, approximately 2,000 other organizations in 65 countries around the globe were affected. Approximately half of the attacks were on industrial organizations, with Ukraine hit particularly hard.
Many more healthcare organizations are likely to have been affected, although it is likeloy to be some time before the scale of U.S. attacks is known. Indicators of compromise have been shared with HITRUST via its cyber threat information exchange platform, although since information is shared anonymously it is unclear which organizations have been affected. Ransomware and other virus attacks that involve ePHI compromises are reportable to the Office for Civil Rights, although since covered entities have up to 60 days to report incidents it is likely to be several weeks before all covered entities affected by NotPetya are known.