NHS Trusts hit by ransomware attack

A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack. The investigation is at an early stage and is believed the malware variant is Wanna Decryptor.

This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

Dr Anne Rainsberry, NHS Incident Director, said: “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E  or access emergency services in the same way as they normally would and staff will ensure they get the care they need. More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing. NHS Digital are investigating the incident and across the  NHS we have tried and tested contingency plans  to ensure we are able to keep the NHS open for business.”

Industry experts commented:

Nir Polak, CEO at Exabeam:

“Last year, ransomware took the spotlight as one of the most persistent cybersecurity issues in the healthcare field around the globe. In 2016, it was primarily a nuisance, hitting individuals’ computers and costing time and money, but otherwise not affecting operations significantly. The NHS attack is notable in that it appears to be affecting patient treatment – last year we didn’t hear about ransomware causing hospitals to tell patients to stay at home. If 2016 was the year that hackers tested defences, perhaps 2017 is the year they will make use of those test results. Security professionals need to look at solutions that don’t require patches and updates from vendors, as these will never happen quickly enough to combat the problem in a timely manner.”

Thomas Fischer, threat researcher and security advocate at Digital Guardian:

“We’re always hearing about an ongoing funding crisis in the NHS, but we rarely think about the impact that this has on IT systems. Without proper investment, the NHS can’t upgrade its software or operating systems, so it becomes more susceptible to an attack. It also can’t afford to deploy solutions that can proactively prevent and mitigate cyber attacks. In a critical situation – such as in a hospital where you have patients’ lives on the line – ransomware is easy money. In many cases, healthcare organisations rely on up-to-date information from electronic records to function. Patient care could be at risk if there are delays in accessing important information. Criminals know that hospitals are likely to pull the plug and pay the ransom. They can’t afford to wait for backup to kick in. At the end of the day, the Government will have to spend money – either on security solutions or on unlocking the systems.”

“It is interesting that such a high-profile attack has hit in the run up to the election. That’s not likely to be a co-incidence. We’ve seen hackers attack parties to weaken their credibility before, so why not do the same to the entire country? A successful attack on an organisation like the NHS could be seen as an attack on the quality of UK computer systems, which are generally world-leading. This is almost certainly an attempt at disrupting the system.”

Jon Lucas, Director at Hyve Managed Hosting:

“As one of the most mission-critical public sector bodies in the UK, the disruption caused by this cyber attack on the NHS is hugely alarming. That such a huge geographically sprawling organisation can be affected by a single ransomware attack, taking both phones and computers offline nationwide, signals a significant void in the data security in the NHS and reinforces that once in, it can be hard to stop ransomware from spreading. Companies can avoid similar circumstances by working with an expert managed service provider to continuously monitor for vulnerabilities in infrastructure as well as possible pathways for intrusion, but also offer disaster recovery to minimise impact should the worst happen. While there is a lesson here for every organisation, in an industry such as healthcare, downtime can be potentially life-endangering.”