...but the NHS needs to act differently moving forwards and take action. There are few things that can cripple the effectiveness of the NHS but, as we’ve all seen this week, cyber-criminals are doing their best.
Although it made the headlines because of its size, 47 Trusts in all, it really isn’t new news.
Using a computer virus, cyber-criminals are encrypting sensitive data and attempting to hold patient information hostage. Unless they’re paid to remove this encryption, the affected organisations lose access to vital information. Prior to last week’s events these viruses, known as ‘ransomware’, had already infected 34% of all Trusts across England, Scotland and Wales.
They have been plaguing NHS data since June 2015 with a total of 87 Trust being hit in the lead up to last week’s attack. Just like WannaCry, all had valuable data encrypted and locked behind a paywall. Scotland was the worst hit by the previous viruses, with over 60% of their trusts being attacked.
to pay or not to pay?
There are conflicting reports but it is thought that five Trusts have paid the criminals, based on data gained through FOI requests made by the RES, a cyber security company.
15 Trusts were able to provide further information about the origin of the attacks. 87% reported that the attacker gained access through a networked NHS device.
Cyber security firm SentinelOne also requested a FOI report. Their chief security consultant stated that “Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching.”
WERE LESSONS LEARNT?
The Government issued warnings earlier this year, informing the NHS that it was at risk of cyber-attacks saying “they are no longer the stuff of spy thrillers and action movies”. Ben Gummer, minister for Cabinet, said that “large quantities of sensitive data” held by the NHS and Government is being targeted by hackers. He fears that cyber attackers, after being successful with the NHS, could try to “disrupt” Britain’s energy, water and transport.
Specifically in the NHS, NHS Digital made a security patch available to all NHS organisations on 25th April that would have prevented WannaCry’s disruption.
In fact, one of the largest NHS Hospital Trusts in England was infected by a ransomware virus attack at the end of 2016. A Trust spokesman told the Telegraph at the time, “We are urgently investigating this matter and have taken a number of drives off line as a precautionary measure. We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected.”
Yet this Trust declared another major incident last week when WannaCry hit.
What HAPPENS NEXT IS KEY
Only in the coming days will we see the real impact on the NHS of this recent attack. Although there was no ‘second spike’ yesterday when people returned to work after the weekend, the disruption continues.
Blaming out of date systems and ignoring simple software upgrades can’t continue. The scale of the threat is growing so the response needs to be more robust.
At Practicus, in our Digital team, we have a network of professionals who can help to give your system the once over to avoid this kind of situation happening to you. Bringing in a cyber security expert can give you the peace of mind and avoid hitting the headlines for the wrong reasons.
Contact Sam Young at Practicus – 01491 577122.