The Department of Homeland Security has received no confirmed reports from U.S.-based hospitals, power plants, water systems or other entities considered to be critical infrastructure that they’ve been affected by a massive cyberattack that disrupted Britain’s health system and other computers worldwide, an agency official told Recode.
By Friday night, as many as 99 countries had been hit by hackers who exploited a known vulnerability in Microsoft Windows to lock scores of computers and demand a ransom in order to permit their continued use, according to the cybersecurity firm Avast. Among those affected were India and Russia, and in the United Kingdom, some hospitals even stopped performing surgeries at the height of the attack.
The security weakness itself had been uncovered by the U.S. National Security Agency, and it previously had been stolen from the spying agency and leaked online by rogue hackers, called The Shadow Brokers. Microsoft, for its part, introduced a patch for the vulnerability in March, but not every company or organization has installed the critical security update.
In the United States, reports surfaced Friday that the shipping giant FedEx had experienced trouble due to the so-called WannaCry exploit. A DHS official, however, said they have not yet confirmed any incidents in the United States, and declined to discuss the cybersecurity of private companies.
With critical infrastructure — and the government’s own computers — the DHS official also could not detail how many government computers had been patched on time. In an official statement, the DHS said Friday it’s “ensuring our own networks are protected against this threat.”
For now, the agency source said that it would continue sharing information with companies and other federal cybersecurity officials in the coming days, and could share more information with the public this weekend.
Just this week, President Donald Trump signed an executive order that commissioned a broad review of the country’s cybersecurity defenses and spending. As part of that, Trump stressed that federal agencies’ chiefs would be held accountable for intrusions on their computers and networks.