Queensland hospitals facing system failure after botched WannaCry patch

Five hospitals in Queensland are suffering from system failure caused by the security patches that were installed to protect the hospital from the global WannaCry ransomware attack.
Written by Tas Bindi, Contributor

Five hospitals in Queensland are suffering from IT problems after efforts to thwart a possible ransomware attack backfired.

Security patches that were installed to protect hospital systems from the WannaCry ransomware attack that hit hundreds of thousands of private and public institutions across the world are now causing system slowness in Brisbane's Princess Alexandra and Lady Cilento Children's hospitals, as well as the Cairns, Mackay, and Townsville hospitals.

Queensland Health Minister Cameron Dick told the state parliament on Thursday that the patching has not compromised patient safety; however, hospital staff are struggling to log into systems such as the integrated electronic medical record system (ieMR) used to access historical patient records.

Dick said hospital staff members are trained to adapt to such circumstances, reverting to paper-based systems where necessary.

"While this is causing inconvenience to staff, I'm advised that there have been no patient safety issues and our hospitals are operating as usual," Dick told the state parliament on Thursday.

Dick added that the impact of the logon issues may result in some delays to patient admission or discharge.

Shadow Health Minister John Paul Langbroek said the incident amounted to another health "bungle" from the government.

"Our hospitals are already buckling under the pressures of ambulance ramping and bed block and the last thing they need is for the system to crash," Langbroek said in a statement.

"Patients waiting for critical treatment will be left in the lurch if this e-health system isn't fixed immediately."

Dick advised that a team from Queensland eHealth is working to resolve the issue, which may continue on for another week.

Earlier this month, the WannaCry ransomware, named due to its worm-like features, quickly spread itself across infected networks, exploiting the EternalBlue vulnerability found in certain versions of Windows. Microsoft even released an emergency patch for its long unsupported operating systems.

The attack resulted in more than 300,000 organisations around the world having their data locked by hackers.

The organisations were met with a ransom demand for $300 in bitcoin to be sent to the hackers, which soon rose to $600 if payment wasn't made within three days and was followed by the threat of files being deleted forever.

While there were a large number of victims, according to a bot watching the bitcoin wallets tied to the ransomware attack, just 302 payments had been made as of May 25, 2017, netting the perpetrators 49.6 bitcoins -- a figure worth approximately $126,742.

As authorities across the globe try to hunt down the perpetrators, some cybersecurity researchers think the whole campaign could have been the result of a relatively amateur operation which got out of hand.

"What we see in the malware is actual evidence of the attackers just taking code from that Github page, so we can draw a direct line from the malware, back through to the NSA exploits," Yaniv Balmas, ‎malware research team leader at security company Check Point, said at the company's CPX conference in Milan, Italy.

Orli Gan, product manager at Check Point, also speaking at the CPX conference, said the perpetrators behind WannaCry have been haphazard in their attempt to build the ransomware on top of the code, something that organised, professional cybercriminal groups wouldn't do.

"The ransomware built on top of it is pretty amateur and also what you can see is the amount of money received is significantly lower than in other cases," said Gan.

With AAP

Editorial standards