The pMD Blog

Welcome to the
pMD Blog...

where we cover interesting and relevant news, insights, events, and more related to the health care industry and pMD. Most importantly, this blog is a fun, engaging way to learn about developments in an ever-changing field that is heavily influenced by technology.

Three Lessons Providers Should Learn From WannaCry

To an industry notoriously slow in its embrace of new technology, the WannaCry ransomware attack should serve as a wake-up call. While it paralyzed computers the world over, WannaCry seemed to have had an outsized effect on the healthcare industry; it hijacked the systems of dozens of National Health Service (NHS) facilities in the UK as well as computers in medical practices all over the world.

No medical professional wants to turn away patients or shut down operations because malicious actors were able to hold their critical data for ransom, but at least some good news came out of this nightmare scenario. Healthcare practices all over the world are now asking themselves what they can do to prevent hackers and criminals from successfully attacking their systems. By incorporating valuable lessons from WannaCry, hospitals can shore up their IT defenses and help prevent future malware attacks. What follows are some of the most valuable lessons healthcare providers can take away from WannaCry.

Update Your Systems

It may not seem like a major concern for hospitals running their day-to-day operations, but outdated systems - ones that are no longer supported or updated by developers - are much more likely to have vulnerabilities that can be exploited by malicious actors. WannaCry spread across computer networks by exploiting a Windows vulnerability that hackers stole from an NSA leak. While Microsoft released a fix for the vulnerability on March 14, the fix did not cover Windows XP, which Microsoft stopped supporting in 2014, and which many computers in NHS hospitals were still running when WannaCry struck.

Even though Microsoft eventually pushed out a Windows XP update to patch up the vulnerability exploited by WannaCry, it was only after the bug had already infiltrated computers all over the world. For future vulnerabilities, companies may choose not to release fixes for outdated systems - and they will definitely choose not to apply such fixes to unlicensed software. In countries like China and Russia, which have avoided implementing strong intellectual property policies, WannaCry has had an outsized effect, since it was able to spread much more easily across systems that ran unlicensed, and therefore outdated, software.

Choose Subscription Software

Of course, ensuring that every operating system and every application is up-to-date can be a time-consuming process. One way practices can avoid having to manually update some systems is by choosing software services (like pMD!) that work on a subscription service model, which are less likely to provide outdated software. By nature, subscription services are constantly updated by developers and automatically deployed to users. Though Microsoft did release a fix for the WannaCry vulnerability in March, a whole month before the malware started actively exploiting it, millions of Windows machines had evidently failed to update and install that fix at the time it struck.

Train Your Staff

Many cases of malware can be prevented with effective staff training. Though the WannaCry malware spread from computer to computer automatically, worming its way across computer networks, many other malware instances enter computer systems when victims themselves inadvertently expose their systems. Employees across all levels of the practice should:

  • 1.  Never click on suspicious links or open suspicious messages, and should always report suspicious activity to their IT administrator or to another appropriate person in their organization

  • 2.  Pay close attention to their passwords by not using the same password everywhere and by enabling two-factor authentication

  • 3.  Always make sure their systems are up-to-date (see the first section of this blog post!). Practices that put in place long-term security education programs that raise awareness of such risks as phishing attempts can prevent future malware attacks and decrease their risk of infection significantly.

For healthcare practices all over the world, the trade-off between cleaning up the mess after these types of malicious attacks and spending the extra time and energy it takes to maintain a proactive technological defense has always existed. However, the wide-reaching and extremely visible effects of the WannaCry attack may have raised the stakes, and will hopefully convince much of the healthcare industry to choose the latter option. Before the next WannaCry strikes, the industry should make sure to be better safe than sorry.
ACA ACI Advancing Care Information AHCA AHRQ AI Alternative Payment Model Android Apple Artificial Intelligence BCRA Best Places to Work Big Data BPCI BPTW Bundled Payments Care Communities care coordination CDC Charge Capture Charge Capture App Charge Capture Software Charge Capture Solution Charge Capture Statistics Charge Lag CHIP CIO Clinical Communication Clinical Data Registry CMS Conferences custom reports Customer Interaction cybersecurity Developer DHHS dotmed EHR Electronic Charge Capture epidemic FDA Flu fundamentals Goals Health Care Health Care Technology Health Care Web Health Information Exchange Healthcare HIE HIPAA HIPAA-Compliant Hospital Census Hospital Communication IA ICD-10 ICD-11 Improvement Activities Inc Magazine interoperability iOS iOS 8 iOS7 iPad iPhone iPhone 6 MACRA Medical Billing Medical Software Medicare Mentorship messaging MGMA MIPS MIPS Registry mobile Mobile App Mobile Charge Capture Mobile EHR Mobile Health Mobile Messaging Mobile security Mobile Technology Modern Healthcare Native App news NIH OCM Oncology Care Model Patient Patient Care Patient Generated Health Data Patient Handoff Software Patient Information Patient Visits Patient-Centric pmd pMD Team population health Population Health Management PQRS QCDR Quality Scoring Recruiting Reimbursement reports Residents Responsibility Secure Data Secure Messaging Secure Messaging Video Secure Text Messaging SF Biz Times success support TCM Teamwork technology telehealth Text Messaging texting Upgrades VA Value-based care Wearable Device Web App