Last Friday, hospitals in the UK, a part of the National Health Service (NHS) were hit by a large ransomware attack that officials are calling WannaCrypt, a malicious virus that spread through phishing emails and on unpatched systems as a computer worm. The virus itself is a type of ransomware that threatens to publish information from the actual victim’s computer rather than denying the victim his or her computer. Chrissa McFarlane, Founder of Patientory, a leading provider of blockchain solutions for the healthcare industry, says “This type of ransomware is actually worse than just locking a victim’s computer because organizations are now prone to private medical information being spread over the internet.”
Reports have said Friday’s attack was one of the world’s largest coordinated cyberattacks, and have tied it to hackers using leaked NSA tools. Because of the attacks, patients were turned away, surgeries had to be postponed, and ambulances were rerouted. McFarlane notes, “In a sense, when you look at the many operations that go into a healthcare ecosystem, damage from the attack could have been much worse if it wasn’t stopped sooner. Thankfully, no fatalities have been reported. That said, I think there are a number of things healthcare organizations should be doing to protect themselves and this is a clear indicator they’re falling behind the curve.”
Blockchain may be part of the answer to preventing attacks like these from occurring in the future. Blockchain technology is a distributed database that maintains a continuous record called blocks which are encrypted and secure from any tampering or revisions. It’s used to encrypt and de-identify private health information, which is then dispersed throughout the network. McFarlane says, “In the case of WannaCrypt, it would have been hard for attackers to access the data without the keys that are necessary to unlock and decrypt the data.”
WannaCrypt targeted Microsoft Windows operating systems and while Microsoft issued a patch to remove underlying vulnerabilities, there were delays in applying security updates. According to McFarlane, “Blockchain protects users without needing to upgrade your system. It’s actually a more cost effective way of protecting yourself. The bottom line is that more must be done within the healthcare industry to prevent this from occurring again.”
McFarlane shares some best practices for organizations such as basic system infrastructure maintenance, ensuring security protocols remain up-to-date, and having measures in places to safeguard information. She adds, “having international standards in place is really the key to ensuring the best protection from this type of attack in the future. And by employing blockchain as a standard – that is something that can be used across borders.”