Bring An Equalizer to the Fight. Choose a Firm That Was Created to Advocate for Victims.

Ransomware Attack Compromised Medical Devices

As San Diego medical product attorneys, we are extremely concerned by new reports confirming that the recent Wannacry ransomware attack penetrated medical devices.

As widely reported in the media, the Wannacry ransomware infected more than 200,000 Microsoft Windows systems. The cyberattack exploited a security vulnerability that Microsoft addressed in March by releasing an update for its Windows operating system. A few weeks ago, hackers released files from the National Security Agency that revealed how the security vulnerability could be weaponized.

Ransomware encrypts or locks valuable digital files and demands a ransom to release them. Accordingly, it can be extremely devastating for organizations that rely on computers to perform critical functions. The entities impacted by the Wannacry ransomware included 48 hospital trusts in the United Kingdom, as well several unnamed medical facilities in the United States.

Bayer Corp. also acknowledged that it received reports that at least two of its medical devices were compromised. According to Forbes, a Bayer MedRad device used to assist in MRI scans was infected with the WannaCry ransomware. Reports also suggest that Siemens equipment was also affected by the cyberattack. According to security experts, Wannacry was the first ransomware attack to impact medical devices. Unfortunately, it is unlikely to be the last.

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Food and Drug Administration have both issued cybersecurity alerts regarding medical devices.

Cyberattacks Impact on Patient Safety

It is unclear how many patients were directly impacted by Wannacry. “Medical device outages increase resource needs, delay care, trigger more clinical mistakes. The harm can go unseen unless you look for it," said Beau Woods, deputy director of Cyber Statecraft Initiative at the Atlantic Council. In the UK, several hospitals were forced to close their entire radiology departments in the wake of the Wannacry attack.

Companies that fell victim to the ransomware were arguably negligent because they failed to take reasonable precautions to update their computer systems by installing the Microsoft security patch. If the medical devices’ failures caused harm, patients may be able to hold the manufacturers accountable.

If you or someone you love has suffered serious harm due to a dangerous or defective medical device, don’t hesitate to contact a San Diego product liability lawyer at the Law Offices of Robert Vaage for a free consultation.