As San Diego medical product attorneys, we are extremely concerned by new
reports confirming that the recent Wannacry ransomware attack penetrated
As widely reported in the media, the Wannacry ransomware infected more
than 200,000 Microsoft Windows systems. The cyberattack exploited a security
vulnerability that Microsoft addressed in March by releasing an update
for its Windows operating system. A few weeks ago, hackers released files
from the National Security Agency that revealed how the security vulnerability
could be weaponized.
Ransomware encrypts or locks valuable digital files and demands a ransom
to release them. Accordingly, it can be extremely devastating for organizations
that rely on computers to perform critical functions. The entities impacted
by the Wannacry ransomware included 48 hospital trusts in the United Kingdom,
as well several unnamed medical facilities in the United States.
Bayer Corp. also acknowledged that it received reports that at least two
of its medical devices were compromised.
Forbes, a Bayer MedRad device used to assist in MRI scans was infected with the
WannaCry ransomware. Reports also suggest that Siemens equipment was also
affected by the cyberattack. According to security experts, Wannacry was
the first ransomware attack to impact medical devices. Unfortunately,
it is unlikely to be the last.
The U.S. Federal Bureau of Investigation (FBI) and the U.S. Food and Drug
Administration have both issued cybersecurity alerts regarding medical
devices. The FBI warned that hackers can gain access to unprotected devices
used in home health care, such as those used to collect and transmit personal
monitoring data or time-dispensed medicines. “Once criminals have
breached such devices, they have access to any personal or medical information
stored on the devices and can possibly change the coding controlling the
dispensing of medicines or health data collection,” the FBI cautioned.
Cyberattacks Impact on Patient Safety
It is unclear how many patients were directly impacted by Wannacry. “Medical
device outages increase resource needs, delay care, trigger more clinical
mistakes. The harm can go unseen unless you look for it," said Beau
Woods, deputy director of Cyber Statecraft Initiative at the Atlantic
Council. In the UK, several hospitals were forced to close their entire
radiology departments in the wake of the Wannacry attack.
Companies that fell victim to the ransomware were arguably negligent because
they failed to take reasonable precautions to update their computer systems
by installing the Microsoft security patch. If the
medical devices’ failures caused harm, patients may be able to hold the manufacturers accountable.
If you or someone you love has suffered serious harm due to a dangerous
or defective medical device, don’t hesitate to
a San Diego product liability lawyer at the Law Offices of Robert Vaage
for a free consultation.