Guest Opinion: How UK CyberAttack Could Also be Endangering Lives and How It Could Spread
The cyber-attack, using a ransomware bug known as WannaCry, appears to have used an NSA exploit known as “Eternal Blue” that was disclosed on the web by Shadow Brokers. Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch.
Like the DDOS attack last October, this attack shows that interconnected devices and systems are vulnerable to attack by nations, non-state actors and just plain crooks.
Although much of the focus in cybersecurity is in preventing data breaches, this attack points to the potential for an entirely different type of damage: shutting down entire businesses, hospital systems, banks, and critical infrastructure. Let’s hope that the attack on the National Health Service in Britain is simply a matter of inconvenience, and that nobody is denied essential care.
But what happens if someone is, and is harmed as a result? What if a US hospital were attacked similarly, and someone’s health were to be seriously impacted. Beyond the human tragedy, it would suggest possible new liability targets, starting with the hospital that failed to ensure that it had updated all of its patches.
Creighton Magid is a partner at the international law firm Dorsey & Whitney. Magid is an expert in product liability who has worked extensively with the Consumer Product Safety Commission.