Cyberattacks shut down more hospitals


As enterprises infected with PetrWrap malware last week are still recovering, the impact of the malware hit some industries harder, and the only victims certainly weren’t virtual or data. This shows just how vulnerable the most vulnerable can be under such attacks.

The attack resulted in hospital computers knocked offline, with some hospitals going fully manual and surgeons being forced to reschedule surgeries.

According to this Associated Press story, Heritage Valley Health “working to determine” whether patient information stolen in cyber attack, fortunately no such evidence has been found so far, spokeswoman Suzanne Sakson told the AP.

However, as reported, the Heritage Valley Health System said that two of its hospitals hit by the malware were forced to reschedule some surgeries, while lab and diagnostic offices were shut down. Some patients were directed to return in five to seven days.

It’s unlikely patient data was stolen in this attack, but taking the steps to discern if any data was leaked and assess the attacks impact is the right thing to do.

Replacing an entire network

Heritage Valley Health wasn’t the only health system impacted by PetrWrap. In fact, The Wall Street Journal reported in its story, Cyberattack Forces West Virginia Hospital to Scrap Computersthat Princeton Community Hospital was affected as well. To be clear, the story isn’t about the hospital scrapping it for a day or two to regain control of their network and endpoints. No. The decision was to completely scrap, as in replace, their entire network after being hit by Petya.

“Officials were unable to restore services, and found there was no way to pay a ransom for the return of their system. So, after consulting with the Federal Bureau of Investigation and cybersecurity experts, officials made the decision to replace the system,” the Wall Street Journal reported. “Now, doctors, nurses and other hospital staff are adjusting to what will be days of working off paper forms to record vital signs, order medications and scribble notes,” the paper continued.

As we covered in What we now know about PetrWrap, the malware struck organizations in the United States. According to some reports, PetrWrap is ransomware that has attackers demanding a ransom to be paid. The attack aggressively swept through government agencies, small businesses, healthcare providers and multinational corporations. As Dan Goodin reports, PetrWrap may have been not ransomware but a wiper. His reporting indicates the attack was designed to destroy data, not extort users.

Serious and scary

It’s bad enough seeing such attacks hitting systems and data. It’s another thing entirely to see the actual delivery of care postponed because of malware attacks. What happens to patients arriving via ambulance? Are they turned away to another hospital? How many minutes does that delay care in an emergency?

It’s as serious a question as it is scary. According to the Verizon 2017 Data Breach Investigations Report released early this year, of all of the malware attacks in 2016, a stunning 72 percent were caused by ransomware.

That’s a serious problem anywhere — but it’s an extraordinarily serious problem when it’s hitting the healthcare system.


What we now know about “PetrWrap”

Worse than ransomware? That’s just great.

Lessons learned from the WannaCry ransomware attacks


  1. […] Cyberattacks shut down more hospitals […]

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.