Amid Pandemic, Microsoft Alerts Dozens of Hospitals Vulnerable to Ransomware Threat

Microsoft said it warned 'several dozens of hospitals' about vulnerabilities in their networks that could be used to deliver ransomware to their IT systems.
Amid Pandemic, Microsoft Alerts Dozens of Hospitals Vulnerable to Ransomware Threat
Image credit: Tayfun Coskun/Anadolu Agency/Getty Images via PC Mag

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Guest Writer
Reporter
3 min read
This story originally appeared on PC Mag

As doctors care for the sick during the coronavirus pandemic, Microsoft is trying to protect their hospitals from ransomware attacks. 

On Wednesday, Microsoft said it warned “several dozens of hospitals” about software vulnerabilities in the online systems they use. The company is concerned hackers could end up exploiting the same flaws to deliver ransomware to hospital computers. 

“To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others,” the company wrote in the blog post

The vulnerabilities Microsoft is worried about deal with network devices, including gateways and VPN servers. Hospitals use these systems so that workers can securely log in and access the local healthcare network and applications. 

Unfortunately, the same devices can contain vulnerabilities, making them attractive targets for hackers. One notorious group known as REvil has been doing just that by preying on flaws in vulnerable VPN servers to steal passwords, which can then be used to infiltrate an organization’s IT infrastructure. 

Not helping the matter is how many healthcare providers also use outdated software, such as Windows 7 and Windows XP. This can make them even more vulnerable to attack. 

Microsoft didn't say how it learned which hospitals were susceptible to REvil's attacks. But the company has been tracking the group's activities, and fears hospitals will fall prey to them, which could put lives at stake in light of the ongoing pandemic. “Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information,” the company added. 

Ransomware is particularly problematic because the attacks can encrypt entire fleets of computers, effectively shutting them down. To free them, the victims have to pay a ransom, which in some cases can reach six figures or more. 

Whether the affected hospitals heeded Microsoft’s warnings remains unclear. But the company’s blog post does contain tips on helping both hospitals and businesses protect themselves from potential ransomware attacks. 

Some of Microsoft’s employees are also part of a newly-announced coalition of 360 security researchers, who’ve banded together to protect hospitals from cyber attacks during the pandemic. According to Reuters, the group has already dismantled one campaign that was using a software vulnerability to distribute malicious computer code.

 

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Entrepreneur Store scours the web for the newest software, gadgets & web services. Explore our giveaways, bundles, "Pay What You Want" deals & more.

Latest on Entrepreneur