FirstHealth of the Carolinas, a Pinehurst, SC-based not for profit health network, has been attacked with a new WannaCry ransomware variant.

WannaCry ransomware was used in global attacks in May this year. More than 230,000 computers were infected within 24 hours of the global attacks commencing. The ransomware variant had wormlike properties and can spread rapidly affecting all vulnerable networked devices. The campaign was blocked when a kill switch was identified and activated, preventing file encryption. However, FirstHealth has identified the malware used in its attack and believes it is a new WannaCry ransomware variant.

The FirstHealth ransomware attack occurred on October 17, 2017. The ransomware is believed to have been introduced via a non-clinical device, although investigations into the initial entry point are ongoing to determine exactly how the virus was introduced. FirstHealth reports that its information system team detected the attack immediately and implemented security protocols to prevent the spread of the malware to other networked devices. While the attack was detected rapidly, the ransomware did spread to other devices in the same work areas.

FirstHealth has issued a statement confirming the ransomware attack did not involve the encryption of patient information, and reports that its Epic EHR was unaffected. However, access to its Epic system has been blocked as part of its security protocol to prevent the encryption of patient data and the system is still inaccessible. The MyChart service is online, but no information has been uploaded to the system since the attack occurred.

Even though the attack was limited it has caused considerable disruption. FirstHealth said, “Our team is working tirelessly to remediate the virus and get our system back up to be fully operational.”

FirstHealth says a patch to address the vulnerability exploited by the new WannaCry ransomware variant has been developed and the patch is being applied on all vulnerable devices. FirstHealth said, “This patch will be added to anti-virus software available for others in the industry to apply to their systems,” suggesting it is not the same patch (MS17-010) that was made available by Microsoft in March to block the SMB flaw that the May 2017 WannaCry attacks exploited.

Read article at link below:

https://www.hipaajournal.com/firsthealth-new-wannacry-ransomware-variant/