A computer malware virus that has devastated a number of businesses across the globe has been disrupting operations the last several days at FirstHealth of the Carolinas and a number of doctors’ offices across the Sandhills.
The malware virus was detected in the organization’s computer network midday Tuesday and the system has remained offline while it is scrubbed of the threat.
The malware has been identified as a new form of “WannaCry,” a ransomware virus that initially struck companies around the globe this past May.
“FirstHealth’s computer network experienced a ‘downtime event’ that began Tuesday, Oct. 17 at 2:15 p.m. due to a threat from a malware virus,” said Emily Sloan, FirstHealth’s assistant public relations director in a prepared statement. “FirstHealth’s Information System team immediately identified the threat and implemented security protocols, including shut-down of the information system network. At that time, staff initiated standard downtime procedures."
FirstHealth's security analysts first identified the virus on a non-clinical device, and it spread quickly to other devices on the network in the same work areas. The unusual activity of the virus was immediately spotted and the network was taken down.
Sloan said the Information System team is still analyzing the details on the exact entry point and the method in which the virus was delivered.
“Out of an abundance of caution, FirstHealth remains on downtime, as the Information System team validates that all systems and devices have been tested and cleared of any threat,” she added.
FirstHealth has more than 4,000 devices and more than 100 physical locations connected to its network. Each one must be thoroughly checked to ensure there is no virus risk.
“As a result of the quick response by the Information System security team, the virus did not reach any patient information, operational information or databases,” Sloan said. “Patient information has not been compromised. At this time, it appears that no damage has occurred to the network or devices.”
The attack was not related to the newer Epic computer system, but access to Epic, like all other systems, was blocked in order to prevent the virus from impacting that system. The FirstHealth MyChart online program is accessible to patients; however, information has not been updated since the downtime event.
Several medical professionals and offices in recent days have reported problems with obtaining records, handling patient appointments and dealing with the normal flow of information across computer networks.
“We are experiencing some delays and appointment cancellations as a result of the downtime event. This does not apply to critical and emergent needs,” said Sloan. “We sincerely apologize for any inconvenience this has caused. Our team is working tirelessly to remediate the virus and get our system back up to be fully operational.”
WannaCry spreads through computer networks by exploiting critical vulnerabilities in Windows computers.
Within a day of its first emergence in May, it infected more than 230,000 computers in over 150 countries. The cyberattack — which has since been blamed on North Korea, a country that employs more than 6,000 hackers — temporarily locked down the United Kingdom’s National Health Service network, among thousands of other victims. In June, a newer version of WannaCry once again caused havoc, spreading from the Ukraine across the world, hitting companies that included the Danish shipping giant Maersk.
Marcus Hutchins, a British web researcher, thwarted the original WannaCry virus by discovering a “kill switch,” but, it should be noted that Hutchins himself was charged, in August 2017, with allegedly creating a banking malware virus known as Kronos.
Attacks on hospital computer systems seem especially cruel, a point argued even within the murky morality play between hackers themselves. But FirstHealth’s dilemma is one in a long list of troubling attacks on the industry. A recent report in the Annals of Internal Medicine counted nearly 2,000 hospital data breaches of varying kinds between 2009 and 2016.
Hollywood Presbyterian Medical Center was the first healthcare provider to get hit with a ransomware demand last year, and reportedly paid about $17,000 to save its data. In the ensuing months, this type of malware proliferated. Some called 2016 ‘The Year of Ransomware,’ with attacks spiking up 6,000 percent.
And while the original WannaCry attack has been linked to North Korea, software giant Microsoft has also faced criticism because the virus is spread through older versions of its Windows programs.
“I can’t emphasize enough how quickly our Information Systems security team identified the threat and shut down our network protecting our servers and databases,” says David Dillehunt, chief information officer for FirstHealth of the Carolinas. “All industries deal with nefarious forces trying to hack into computer networks, so this is not new. I’m just very proud of how our team reacted and the work they are doing to ensure the virus is totally removed before restoring all network connectivity.”
FirstHealth of the Carolina has deployed an anti-virus patch specifically developed for the virus that will be implemented throughout the FirstHealth system. In addition, the patch will also be added to anti-virus software available for others in the industry to apply to their systems.
The network will be fully restored once we have carefully scanned and implemented the antivirus patch on all the devices in the FirstHealth system.
"Although we have determined that there is no evidence of any data breaches or unauthorized access to date, we want to make sure the network is brought up deliberately and incrementally," Dillehunt said.
Updates on FirstHealth’s progress will be available on the organization’s website and social media pages.