Wanna Cry?

June 30th, 2017 - Ann Bachman, BS MT(ASCP), CLC(AMT)
Categories:   Practice Management  

The WannaCry (short for WannaCrypt) ransomware* attack experienced worldwide in mid-May 2017 affected some 300,000 computers running Microsoft Windows operating systems in more than 150 countries. It affected healthcare institutions, communications providers, gas stations, and banks.

The attack began on Friday, May 12, 2017, encrypting data and demanding ransom payments in untraceable Bitcoin cryptocurrency. Microsoft had learned of the problem earlier and had released a “critical” security patch on March 14, 2017, for supported versions of Microsoft, but many Microsoft users had not yet applied it.

Before the malware did too much damage in the United States, a lone researcher on vacation identified as “Malware Tech” accidentally found a “kill switch” and bought the Internet domain that was coded into the malware but was not active. This triggered the kill switch, effectively shutting down WannaCrypt.

The cryptoworm particularly targeted older, unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003; most victims were running Windows 7. When Microsoft learned of the attack, they quickly provided emergency patches for unsupported older versions. The spread of WannaCry was contained within four days, with new infections happening much slower.

Meanwhile, as of May 25, 2017, WannaCrypt victims had deposited 302 payments for a total worth $126,742.48, or 49.60319 BTC. At least two multi-state hospital systems in the U.S. were attacked. BTC, or Bitcoin currency, is an Internet currency that is mathematically limited to 21 million bitcoins. That number can never be changed, meaning that Bitcoin cannot be counterfeited or inflated at will, unlike government-issued currency. Bitcoin, which is also a digital payment system, can be used to make payments to any entity that accepts the currency, often at significant savings.

Ransomware is a malicious software program that is being used more and more frequently by hackers to extort money from businesses, including healthcare entities. It originated in Russia but is now international and has grown exponentially over the past few years, becoming one of the most prevalent types of cyber-crime. It is very lucrative!

Ransomware encrypts digital files and holds them hostage while demanding payment for their release. Typically, victims receive an email addressed to them and open it, clicking on an attachment that looks legitimate, such as an invoice or an electronic fax, but the file holds the ransomware code. It could be a link to a legitimate-looking URL.

Once the victim opens the attachment, the malware installs itself on the computer. When the victim clicks on that URL, they are taken immediately to a website that infects their computer. The malware then encrypts files and folders, attached drives, backup drives, and possibly other computers in the same network. Victims are not aware of the attack until they can no longer access data or they see a message demanding the ransom. Until the victim pays the ransom the files are completely unavailable. Some files may never be retrieved, may be corrupted, or may be entirely eliminated.

How did WannaCry spread?

Malware is delivered as a Trojan virus through a loaded hyperlink that could be accidentally opened through an email, advertisement, or a Dropbox link. After it is activated, the software spreads through the computer, locking files with the same encryption used for instant messaging.

How should you respond to a ransomware attack?

1. Do not pay the ransom! There is no guarantee that the files will be returned. WannaCry did not identify who paid, so files were not returned.

2. Work with your IT team to restore data if possible.

3. Contact the FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or the U.S. Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#field) to report the event and request assistance.

4. Report the incident to US-CERT (www.us-cert.gov/ncas) and the FBI’s Internet Crime Complaint Center (www.ic3.gov).

5. If the attack may have affected medical devices, contact the FDA’s emergency line at 866-300-4374. Reports for multiple systems should be reported together.

6. Avoid or reduce HIPAA fines for loss of PHI by documenting a strong compliance plan.

Report healthcare-specific attacks to HHS’s Healthcare Cybersecurity and Communications Integration Center at HCCIC_RM@hhs.gov


Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.

Latest articles:  (any category)

Artificial Intelligence in Healthcare - A Medical Coder's Perspective
December 26th, 2023 - Aimee Wilcox
We constantly hear how AI is creeping into every aspect of healthcare but what does that mean for medical coders and how can we better understand the language used in the codeset? Will AI take my place or will I learn with it and become an integral part of the process that uses AI to enhance my abilities? 
Specialization: Your Advantage as a Medical Coding Contractor
December 22nd, 2023 - Find-A-Code
Medical coding contractors offer a valuable service to healthcare providers who would rather outsource coding and billing rather than handling things in-house. Some contractors are better than others, but there is one thing they all have in common: the need to present some sort of value proposition in order to land new clients. As a contractor, your value proposition is the advantage you offer. And that advantage is specialization.
ICD-10-CM Coding of Chronic Obstructive Pulmonary Disease (COPD)
December 19th, 2023 - Aimee Wilcox
Chronic respiratory disease is on the top 10 chronic disease list published by the National Institutes of Health (NIH). Although it is a chronic condition, it may be stable for some time and then suddenly become exacerbated and even impacted by another acute respiratory illness, such as bronchitis, RSV, or COVID-19. Understanding the nuances associated with the condition and how to properly assign ICD-10-CM codes is beneficial.
Changes to COVID-19 Vaccines Strike Again
December 12th, 2023 - Aimee Wilcox
According to the FDA, CDC, and other alphabet soup entities, the old COVID-19 vaccines are no longer able to treat the variants experienced today so new vaccines have been given the emergency use authorization to take the place of the old vaccines. No sooner was the updated 2024 CPT codebook published when 50 of the codes in it were deleted, some of which were being newly added for 2024.
Updated ICD-10-CM Codes for Appendicitis
November 14th, 2023 - Aimee Wilcox
With approximately 250,000 cases of acute appendicitis diagnosed annually in the United States, coding updates were made to ensure high-specificity coding could be achieved when reporting these diagnoses. While appendicitis almost equally affects both men and women, the type of appendicitis varies, as dose the risk of infection, sepsis, and perforation.
COVID Vaccine Coding Changes as of November 1, 2023
October 26th, 2023 - Wyn Staheli
COVID vaccine changes due to the end of the PHE as of November 1, 2023 are addressed in this article.
Medicare Guidance Changes for E/M Services
October 11th, 2023 - Wyn Staheli
2023 brought quite a few changes to Evaluation and management (E/M) services. The significant revisions as noted in the CPT codebook were welcome changes to bring other E/M services more in line with the changes that took place with Office or Other Outpatient Services a few years ago. As part of CMS’ Medicare Learning Network, the “Evaluation and Management Services Guide” publication was finally updated as of August 2023 to include the changes that took place in 2023. If you take a look at the new publication (see references below),....

Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2024 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association