Two Years Later, WannaCry Remains an 'Unmanageable' Threat

Posted May 31, 2019


AAMI offers several resources to help both healthcare delivery organizations and medical device manufacturers develop effective cybersecurity practices and programs. They include:

For details on these and other resources, please visit the AAMI Store.

The health technology industry continues to draw lessons from the widespread WannaCry ransomware cyberattack in 2017. But despite two years of reflection and preparation, WannaCry still remains an active and “unmanageable” cybersecurity threat, with 40% of healthcare delivery organizations (HDOs) experiencing at least one WannaCry attack in the last six months, according to a report by cybersecurity firm Armis.

“Contrary to common belief, WannaCry continues to impact devices even today … [it is] is still vastly present in the wild and is estimated to be active on over 145,000 devices worldwide,” wrote Ben Seri, vice president of research at Armis in the report, which looks at more than the healthcare sector alone. The WannaCry worm is responsible for nearly one-third of all ransomware attacks worldwide.

While Microsoft quickly issued patches to legacy Windows devices that were vulnerable to WannaCry, a large number of medical devices remain unpatched, giving the ransomware worm “frightening potential” to continue to spread. Even though the worm is less likely to encrypt data and demand a ransom, it can still silently open a backdoor for other vulnerable unpatched devices and their associated networks.

Earlier this month, Microsoft released a patch to address its newly discovered Bluekeep vulnerability, which relies on the same exploit as WannaCry. The vulnerability is estimated to affect about 70% of medical devices.

AAMI has published several articles on patch management, including this article with tips for healthcare delivery organizations and this blog post. Episode 22 of the AAMI Podcast also covers patch management.

Additionally, attendees at the AAMI Exchange in June will have several opportunities to learn from cybersecurity experts during its education sessions and a new, dedicated cybersecurity track. For more information, visit