WannaCry and NotPetya – The CHIME and AEHIS Response

By Zach Donisch, Director, AEHIS, AEHIT, AEHIA Membership

In May of 2017, the cybersecurity community faced a global cyberattack on an unprecedented scale. What seemed to be a crippling attack on several hospitals in England’s National Health Service quickly spread to over 200,000 victims and over 300,000 devices. This attack would quickly become known as “WannaCry,” and utilized an exploit released by known cybercriminals originally designed as a U.S. National Security Agency tool for offensive cyberattacks. While the exploit was identified and a patch was offered prior to the attack, many firms still had not patched their systems to prevent against the WannaCry exploit, as evidenced by the success and scope of the attack.

As initial reports developed around WannaCry, CHIME and AEHIS members began talking about the scope of the attack through internal channels, such as AEHIS Interact. While social media channels were inundated with theories and rumors, basic information on the cyberattack was reported through television and newspaper channels. AEHIS and CHIME drafted a member alert that went out to members by 5 p.m. Eastern time with current and accurate information. In our initial communication, we included an official bulletin from federal agencies monitoring the attack.

One significant challenge for CHIME and AEHIS in crises like these is distilling incoming information to determine its validity. While our goal is to keep our members apprised on current industry events, our belief is that sharing misinformation is a critical and avoidable error in times of crisis. As a trusted member of the healthcare information security community, we want to provide you with correct and actionable information that can help inform decision makers in your organization. During this event, AEHIS and CHIME relied heavily on the expertise of our public policy teams and boards to advise us how to disseminate information.

As the attacks lost steam under heightened global awareness, CHIME and AEHIS members participated in group calls with regulatory bodies in Washington, D.C., and sought to understand the lasting impact of the WannaCry cyberattack. With the threat of WannaCry in the rear view, NotPetya (also called Petya) rose from the knowledge gained, and bad actors infected a whole new round of users. NotPetya began in the Ukraine, and quickly spread around the world. In this instance, U.S. healthcare organizations were confirmed to have been affected, with some shutting down operations due to ransomware crippling their systems.

Like during the WannaCry attack, CHIME and AEHIS provided actionable and timely updates from their members along with alerts and advice from federal agencies. In addition to providing accurate and timely updates, our associations recommended other information sharing avenues to help obtain a complete picture of the scope of the attack, and provided a channel to deliver information to federal officials who relied on our members’ experiences and expertise when evaluating and notifying others on details of this cyberattack.

One year after these unprecedented attacks, organizations are still affected. For some, critical systems are still offline and other solutions have been patchworked in place of them. During May and June of 2017, the need for business continuity planning in the face of crisis was apparent, and CHIME and AEHIS have begun providing education to help organizations mitigate the lasting effects of future attacks. We hope you have taken advantage of these opportunities, and we will continue to offer them as new measures and best practices are established.

As the premier association for CIOs and CISOs, CHIME and AEHIS play an important role in the daily lives of our members. We offer news and information pertinent to the industry, and while we were not directly affected by the global cyberattacks almost one year ago, we did respond and help disseminate information we found to be valuable and accurate. As we constantly look for ways to improve, we welcome your feedback on ways we can assist in the future when it comes to crisis response. Please send comments and suggestions to [email protected]

More AEHIS News

What Do Dues Do? – By Erik Decker

THIS, THAT and the Other Thing – By Zach Donisch

Mining Data from Recent Ransomware Attacks –  By Clyde Hewitt