Global Cyberattack Affected Some Medical Devices in U.S., Federal Officials Say

Homeland Security declines to comment

During a conference call with health care organizations on Monday, May 15, U.S. federal officials said that several medical devices had been infected with the ransomware that recently spread across dozens of countries, but they declined to identify the devices, according to an article in the Wall Street Journal. The Department of Health and Human Services, which organized the call, referred questions to Homeland Security, which didn’t immediately respond to the Journal’s request for a comment.

On Sunday, May 14, a Homeland Security official said in an interview that some U.S. health care companies reported “suspected or confirmed” attacks involving the ransomware. The official declined to say whether hospitals were among those affected.

The health care unit of Siemens AG, which makes medical imaging and laboratory diagnostic devices, sent a bulletin to customers to alert them that some products are vulnerable to the ransomware, a company spokesman told the Journal.

The largest U.S. hospital operator, HCA Healthcare, hasn’t detected an impact from the cyberattack, a spokeswoman said. The Nashville, Tennessee-based company, which also owns six hospitals in the United Kingdom, continues to monitor its networks, she said.

Northwell Health, which owns 18 hospitals and more than 550 outpatient centers in New York, gathered information-security employees at a data center in Westbury, New York, to monitor the health system’s networks.

Insurance giant Aetna also saw no impact from the ransomware but contacted hospitals and doctors in its networks asking for cybersecurity updates after the first attacks.

U.S. cybersecurity experts are busy scanning for evidence of new variants of the malware known as WannaCry, which worms into computers through a vulnerability in Microsoft software. The malware encrypts files and demands a ransom to release them.

Last year, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 after ransomware took control of some of its computer systems.

Source: The Wall Street Journal; May 15, 2017.