The WannaCry ransomware attack caused chaos for those attempting to assess the vulnerability of medical equipment. Paul A Blackett, medical engineering operations manager and M.Wilkinson, medical engineering projects and planning officer at Lancashire Teaching Hospitals NHS Foundation Trust, provide insight into a classification system that has been developed to aid practical assessments.
The Attack
Those unfortunate enough to be caught up in the WannaCry ransomware attack in May 2017 will no doubt remember the difficulties in assessing if medical equipment was going to be vulnerable to infection. It was a sharp wake up call for many people. According to DigitalHealth (2017), at least 1220 pieces of NHS diagnostic equipment were affected by the outbreak.
The initial response to such an attack is often to disconnect network connections as quickly as possible, whether or not equipment is vulnerable to such attacks. Although this reduces the risk of possible infection, it also severely restricts the usefulness of this medical equipment in the clinical pathway and in some cases a quick disconnection cannot be done easily due to ‘always on’ wifi connectivity in use. With the increased focus on cyber security in the world of internet connected technologies, obviously a good understanding of medical equipment cyber-vulnerabilities has to be obtained to respond in an efficient, safe and controlled manner. Without this understanding, expensive medical equipment might be needlessly isolated or remain unused until investigation is undertaken and it is either cleared for use, or patched, affecting the care available to patients.
Log in or register FREE to read the rest
This story is Premium Content and is only available to registered users. Please log in at the top of the page to view the full text.
If you don't already have an account, please register with us completely free of charge.
