Ransomware throws hospitals into chaos

A ‘cyber weapon’ built by American spies was used in a global ransomware attack that disrupted British hospitals.

Thousands of patients across England and Scotland had operations cancelled and hospitals were forced to divert ambulances when an international cyberattack hit computer networks of Britain’s National Health Service (NHS) last month.

Patient data, test results, schedules and other vital files were encrypted by ‘ransomware’ known as WannaCry or WannaCrypt, causing chaos and paralysis.

“At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” a doctor told the Guardian.

“ I know the staff will do their very best to keep looking after everyone but there are no robust systems in place to deal with blackouts like this,” he said.

“It will… impact patient safety negatively, even if that impact can’t be clearly measured.”

Nurses were unable to print identity tags to put round the wrists of newborns and new parents reportedly suffered delays in being discharged from the maternity ward at Royal London Hospital after computer systems went down.

The opposition Labour Party accused the Conservative government of leaving the NHS vulnerable to cyber attack by starving it of funds to upgrade IT.

Many NHS hospitals still use Windows XP, an outdated system that has not had tech support for two years. The WannaCry ransomware exploited vulnerabilities in older versions of Microsoft Windows.

WannaCry locked users out of their computers and encrypted their files, demanding they pay US$300 – a price that doubled after three days – to receive a decryption key or risk having their files deleted.

Ransomware was stolen from NSA

Russia was the worst affected country with major attacks reported on its railway system, phone companies and banks. In China, traffic police and schools reported they had been targeted.

Australia appeared to have escaped relatively lightly with only a few attacks reported.

Microsoft has confirmed that the United States National Security Agency (NSA) was largely responsible for the chaos.

The NSA discovered a major vulnerability in Microsoft’s operating systems, but instead of warning Microsoft about it, they created, or bought, software to take advantage of it.

It is not known whether the NSA ever used the software for a cyber attack. But a criminal hacking group stole pieces of WannaCry code known as “exploits” from the NSA earlier this year.

Microsoft President and Chief Legal Officer Brad Smith criticised the NSA for their major role in spreading the ransomware epidemic.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Smith said. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”

The US government’s mishandling of “exploits” in their possession had allowed them to leak into the public domain and cause “widespread damage”, Smith wrote, adding that an “equivalent scenario… would be the US military having some of its Tomahawk missiles stolen.”

Smith called on governments to “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new ‘Digital Geneva Convention’ to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.” ■