WannaCry Ransomware Is Still A Threat to The Healthcare Industry

Healthcare Patch Management

The internet has brought the world closer together by connecting remote users and organizations with one another. Additionally, it has inspired a wave of innovation that rivals most in human history. The world got smaller, people connected, as did the ability of businesses and organizations to reach clients and consumers faster.

But as with any level of innovation comes the ability for it to be used for nefarious purposes. As the world connects, innovation flourishes, and more users and devices join the interconnected web, the exploitation of these new connections steadily rises in its shadow.

In 2017, a very prominent example of such exploitation burst out of the gates in the form of the devastating malware known as WannaCry. Unlike a lot of malware that quietly embeds in devices and collects user data, this one made a big splash by outwardly holding organizations’ precious user data for ransom. Hospitals were targeted specifically, as healthcare ransomware would be something hackers felt would yield at least some ransom payments.

Effects of WannaCry

Users want to believe that their devices and data are secure. But no system is perfect or infallible, and exploitation of vulnerabilities in popular operating systems such as Windows was the malware’s main target.

Once acquired by a device, WannaCry possesses the ability to embed itself in the yet unnoticed flaws in the Windows operating system. In a world where devices are interconnected on networks, a compromise of one device is an immediate danger to all of the others. By infecting the operating systems of devices in hospitals and manufacturing organizations, it spread ravenously through the networks, infecting over 300,000 in about 4 days.

As it spread, organizations began to be exploited for ransom in order for worm to release its grip from the system. The costs of such attacks were estimated at about $4 billion. The afflicted organizations paid out about $325,000 in ransom payments to gain control back.

Why Hospitals Were So Vulnerable

Hospitals were especially hard hit, as private information of patients was compromised. Not all hospitals have the financial stability of being able to keep their devices and networks as fully secure as they should be, but even those that did have the funds fell victim to this type of healthcare ransomware.

In an industry where the patients’ safety is paramount, hospitals are often resistant to many modifications to their systems. The potential new flaws introduced by changes are regarded as carrying too much risk of instability to a system vastly reliant on being stable and secure. Therefore, many healthcare organizations continued the use of machines with outdated software.

Older operating systems get much less attention, with resources moving to the maintenance and security of newer, more widely used versions. The availability of proactive patches to flaws found decreases, leaving older operating systems with greater vulnerabilities.

Even with vigilant efforts, a device at a hospital could be infected. When infected devices are identified, and a rapid effort is made to pull them from the network, it is challenging to identify exactly how broad of a network impact was made. Adding the fact that many devices are unmanaged, increases the risk further.

A device could be pulled from the network, but the malware could have spread much further than just that sector. When these devices are deemed “fixed”, and are connected back to the network, they stand the risk of potentially reintroducing some hidden worm back into play. There is also a period of time prior to this detection to consider. The section of the network is often bridged to other networks, allowing for worms like WannaCry to hop to other network devices and continue wreaking havoc.


Once identified, the vulnerability for WannaCry was patched within a few days, but not before incurring billions in cost to the affected organizations. Recent studies have shown, however, that while WannaCry patches have been reduced, the ransomware is alive and well, estimating that 145,000 devices worldwide continue to remain infected.

These devices are also parts of their own networks. Some of these networks may include connected peripheries outside of just Windows operating systems. For example, many TVs currently equipped with “smart” technology are now part of networks. The architecture of operating systems for devices like that is not nearly as complex or as equipped as Windows, making these devices easy to compromise.

On top of that, unlike operating system providers who are typically vigilant about cranking out patches and updates on a regular basis, such is likely not the case with updates for other technology. A worm such as WannaCry, therefore, can continue to inflict damage, even though its effects are considered to be contained by larger organizations.

Microsoft WSUS Consultant

WSUS Consulting Services

Software update service for system administrators to manage Microsoft product updates
  • Help resolving common WSUS server issues
  • Solve the problem of PCs not reporting to WSUS
  • Identify and repair the common WSUS system errors
  • Fix high CPU utilization problems
  • Stop duplicate SUSClientIDs
  • Diagnose and fix failed downloads
  • Fix IIS permissions that lead to failed Windows Update Agent Error Codes
  • Using Group Policy to set WSUS agent policies
  • Troubleshooting issues with WSUS client agents

SCCM Consulting Services

Systems management software for managing large numbers of computers running multiple operating systems and application.
  • Help with the frequent updates required to maintain security and version updates
  • Develop a program to get a monthly cadence for distributing updates
  • Understanding the of conflicting reports coming from SCCM
  • Verify accuracy before starting the deployment
  • How to properly initiate Client Notification Actions
  • Troubleshooting (DRS) Database Replication Service within SCCM
  • Proactively fixing client issues
  • Fixing failed deployments so you can move on to other more important tasks
  • Fixing ConfigMgr problems
  • Integrate third party add-ins(like Ivanti) for third party updates
  • Support Wake on Lan(WOL) patching
  • Maintenance Windows feature to prevent Servers restart during business hours
  • Updates Windows 10 image during build process that way your workstation will always have the latest security updates
  • Integrate with PowerBi for better reporting

We utilize a proven 31-step patching process.

*Diagram represents a portion of our process”
Patch Management As A Service

FREE Webinar Every Thursday
from 10:00 - 11:00 AM. PST

RSVP Early - Limited Seats

$250K Cyber Insurance Coverage

Our integrated insurance coverage and breach response services includes $250,000 of cyber liability insurance (annual aggregate) with $0 deductible.

As a Patchworx℠ client, you will be protected for the cost of an actual or suspected violation of a privacy regulation due to a security breach that results in the unauthorized release of protected personal information (PPI) up to the policy limits.

PPI is defined as any private, non-public information of any kind in the merchant’s care, custody or control. This coverage territory is worldwide and is backed by a carrier rated A+ by AM Best.