In an email cyber notice, the U.S. Department of Health and Human Services (HHS) is warning healthcare provider organizations that there are ongoing impacts to the U.S. healthcare sector from the WannaCry malware.
The Wanna Cry or Wanna Decryptor ransomware virus swept the globe last month and virtually shut down several dozen regional health authorities within the National Health Service of the United Kingdom, while simultaneously impacting the operations of such diverse entities as Spain’s national telephone service, La Telefónica; Germany’s railway system, Deutsche Bahn; automotive plants of the French car manufacturer, Renault; the Russian Interior Ministry; and universities in China and Taiwan.
In its notice sent out as part of Office of the National Coordinator for Health IT (ONC) and the Office for Civil Rights (OCR) list serves, HHS stated that the department is aware of two, large, multi-state hospitals systems in the U.S. that are continuing to face significant challenges to operations because of the WannaCry malware. HHS specifically notes that this not a new WannaCry attack.
The virus can persist even on a machine that has been patched, however, the virus will not spread to a patched machine, but the attempt to scan can disrupt Windows operating systems when it executes. The particular effect varies according to the version of Windows on the device, HHS stated.
WannaCry ransomware is a fast-propagating worm which exploits Windows’ Server Message Block version 1 (SMBv1) protocol to move through a network or infect other systems on the Internet. However, according to HHS in its notice, SMBv1 might not be the only vector of infection for WannaCry, so even patched systems could still be infected if the malware is introduced to the system in a different manner.