As of Monday, May 15, more than 300,000 computers in 150 countries were hit by a ransomware virus called “Wanna Cry.” The virus was reported over the weekend when it struck various companies, hospitals, and individuals, forcing them to pay $300 in untraceable currency to regain access to their files. One of the most notable victims of Wanna Cry was the United Kingdom’s National Health Service (NHS). At least 25 NHS hospitals had to reroute patients and cancel appointments while trying to save their medical records from the virus.
Ransomware is a new twist on an old crime. The virus locks down all your computer files so you can’t access them. Then a screen appears telling you that you have a certain number of days to pay the hacker in untraceable currency. Pay and you get all your files back. Refuse and your computer remains locked and your files, documents, photos, and videos are lost forever.
This type of attack particularly devastating for hospitals, where the locked medical records and computer system are critical for patient care and treatment. Nor is Wanna Cry the first ransomware attack to affect hospitals. Here’s a quick list of 12 that happened in 2016, with many more cases occurring that same year.
Barts Health NHS Trust, which runs four hospitals in London, had its files locked on May 13. The hospital noted the attack had forced it to cancel some appointments, send incoming patients to other hospitals, and slowed down the facilities’ pathology and diagnostic services.
“Barts Health staff are working tirelessly, using tried and tested processes to keep patients safe and well cared for,” the system wrote on Monday. “We are no longer diverting ambulances from any of our hospitals. Trauma and stroke care is also now fully operational. However, we continue to experience IT disruption, and we are very sorry for any delays and cancellations that patients experience. In these circumstances, we would ask the public to use other NHS services wherever possible.”
Microsoft had already created a software patch in mid-March that closed the Wanna Cry vulnerability. However, many facilities didn’t update their security systems.