INTERVIEW – A computer virus attack crippled several UK hospitals. France was apparently able to react in time despite persistent vulnerabilities.
This weekend, computers around the world were attacked by a computer virus, Wannacry. It has particularly hit the UK’s public health system, the NHS, where more than 70,000 devices have been blocked. Out of 248 of its organizations, 48 were infected, causing the slowdown in several hospitals.
Using a Windows XP flaw revealed by the leaked NSA documents, the malware blocked access to the data, until the user paid $ 300 in equivalent bitcoin, a virtual currency on the web.
The situation seems to have returned to normal, but cyber attacks against healthcare establishments seem to be on the increase. Vincent Trely, president of the Association for the Security of Health Information Systems (APSSIS), explains how these viruses work, and takes stock of our vulnerability.
What happened during this weekend’s cyber attack in the UK?
Vincent trely : This weekend, a cryptovirus (which encrypts computer data, making it inaccessible to the user, editor’s note), as there are many, and very powerful, has attacked a number of information systems connected to the Internet worldwide. It uses a vulnerability in Windows. Hospitals in England must have been behind on security patches, and they have taken the virus in a brutal fashion. This generated an encryption of data from the hospitals, which resulted in a loss of their IT. They also lost access to patient records, radiotherapy, CT and MRI programs. This disorganization may require the transfer of patients to operational hospitals.
Vincent Trely, President of APSSIS: ” In France, the park is not homogeneous. Some hospitals are still under Windows XP, attacked by this virus, systems are aging, and not updated … “
How do hackers operate during these attacks?
Vincent trely : This weekend, it was an automatic attack, which is diffused via robots and algorithms. The virus encrypts data on the infected computer and then encrypts data on the network to which the computer has permission to access. Then, it offers a payment protocol to recover the decryption key. You absolutely must not pay this ransom, because they are robots that operate, and their protocol ends when the money is received. So you will have paid, but the data will not be decrypted.
Other more sophisticated attacks, piloted by hackers, sometimes attack healthcare establishments. They take control of the data, encrypt or steal it, and demand a ransom with a payment protocol in exchange for the return of the data. It has happened many times in the United States, with establishments paying one, two, and up to ten million dollars.
Can hackers also use personal data?
Vincent trely : A medical file has a market value. There is a listing on the dark net. A medical file is valued, depending on the month, between 50 and 200 dollars. There are buyers, for data sets, at amounts that may be of interest to cyber hackers. There are databases of patients, or insurance, which are for sale for 300,000, 400,000, or 500,000 euros.
They can be of interest to governments, because the state of health of a population is an indicator like any other, multinationals, laboratories, insurance companies… It is not your file, nor mine, that interests them , but a mass of data on which we can do processing.
Are we vulnerable in France?
Vincent trely : All systems have flaws. If you buy a server, it will have some that will be discovered as you go, and they can be exploited. All manufacturers regularly distribute security fixes or patches. Managing IT means permanently maintaining all the equipment. And that is not always done. It’s complicated, it’s time consuming, it’s not always easy because the patches can cause the applications running on the server to malfunction. It’s a strategy.
In France, the park is not homogeneous. Some hospitals are still running Windows XP, attacked by this virus, systems are aging, and not updated. So we are very receptive to this kind of attack. But I think the necessary things have been done this weekend. I have seen a number of notes passing from the ministry’s cybersecurity chain to security and IT managers to mobilize them.
In France, we are making progress in terms of security. There is a lot to do. The French health system has become aware of the problem by going digital. Since 2012-2013, it is a subject, and it is now becoming an issue.
.
