New WannaCry variant takes down North Carolina provider

The North Carolina health system shut down its system after falling victim to a modified version of the notorious ransomware virus that devastated more than 300,000 devices from 150 countries in May.
By Jessica Davis
10:16 AM
WannaCry ransomware

The computer network of Pinehurst-based FirstHealth of the Carolinas was shut down by a new form of WannaCry last week.

The health system detected the virus on Tuesday afternoon, and the organization took its system offline while it attempted to remove the malware from its system, according to FirstHealth’s alert. FirstHealth’s staff initiated its downtime procedures at that time.

[Also: WannaCry victim NHS Lanarkshire hit by new ransomware strain]

Learn on-demand, earn credit, find products and solutions. Get Started >>

The site has not yet been updated with its current status, but officials said it will remain offline out of an abundance of caution to make sure all devices and its system are clear of the threat.

The organization developed an antivirus patch specifically for the WannaCry virus, which it's implementing across the entire network. FirstHealth will provide the tool for other healthcare organizations to use.

[Also: The biggest healthcare breaches of 2017 (so far)]

“As a result of the quick response by the information system security team, the virus did not reach any patient information, operational information or databases,” officials said. “Patient information has not been compromised.  At this time, it appears that no damage has occurred to the network or devices.

“We are experiencing some delays and appointment cancellations as a result of the downtime event,” officials continued. “This does not apply to critical and emergent needs. We sincerely apologize for any inconvenience this has caused.”

WannaCry first struck in May, devastating organizations around the globe, including the UK’s National Health Service. The ransomware strain was part of April’s massive NSA leak from the cybercriminal group the Shadow Brokers.

Although a kill switch was found for the virus a day later, it merely slowed down the attack. Overall, 300,000 users from 150 countries fell victim to the virus.

Twitter: @JessieFDavis
Email the writer:

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.