Cloud Backup
 

We`re just sending through your details

Please give us a few moments whilst we get your account ready.

OKAY

National Health Service in National Cyber-Security Crisis

National Health Service in National Cyber-Security Crisis

posted in Ransomware ● 8 Feb 2018

The WannaCry ransomware attacks that took place in May 2017, gripped the nation, rendering businesses, schools and public authorities powerless against the infection. Amongst the reported 300,000 organisations was the British National Health Service (NHS). An organisation already under strain from tight budgets, growing demands and a 24-hour schedule.

The National Audit Office (NAO) has confirmed some of the extent of the attack and the damage caused, however, stating that the full extent and cost would never be truly known. WannaCry began on Friday 12th May and over the following weekend some 19,500 appointments were forced into cancelation; 600 surgeries had no access to computer systems during the period and at least 5 hospitals had to divert ambulances while they attempted to regain access to systems.

“Basic IT Security”

The attack itself contained strains of code that allowed it to act as a ‘worm’ and spread from one infected machine to another silently across a network. This meant that a single infected machine on the network of a trust, put the entire network at risk and within hours a third of all NHS trusts had been infected.

In March and April of 2017, however, NHS Digital had warned all trusts to fix and patch the exact bug which was exploited during the Attack. Amyas Morse, Head of the National Audit Office since stating:

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

For an organisation that holds such huge quantities of highly sensitive data, the ease at which an attack could affect networks is worrying. In a recent parliamentary hearing Department of Health Officials admitted that all 200 trusts in the UK, had failed tests on cyber-security. And even with trusts beginning to act and implement further security measures, Rob Shaw, the NHS Digital deputy chief executive, still believes trusts are falling short of the ‘High bar’ set for cyber-security standards.

“The amount of effort it takes from NHS providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So, some of them have failed purely on patching which is what the vulnerability was around WannaCry.”                         – Rob Shaw, Deputy Chief Executive, NHS Digital

Protecting complex IT environments against cyber-threats

The NHS has a ‘complex’ structure of IT environments to protect, with many facilities and offices, a huge number of end-points and systems that need to be available 24/7. Any enterprise organisation with a similar environment would likely have implemented state of the art solutions to ensure protection but the NHS is under extreme budgetary pressures and IT systems are often done on the cheap. So how can the organisation handle its challenges and ensure the mistakes that lead to the WannaCry attack don’t happen again?

Patching and update schedules

As with WannaCry, patches and software updates are regularly released to protect against known vulnerabilities that can be exploited against attack. It is vital that when software and solutions providers release updates and patches, that users take advantage of them. Implementing a regular update and patching schedule will ensure that security features are up to date and exploits protected against.

Staff training

One of the biggest remaining vulnerabilities to IT environments is the users who have access. Ransomware attacks take advantage of this and email, malicious links and websites are all causes of infection. Training staff to be warier of these threats and to spot them will help improve the chances of staying secure and protected.

Off-site Backup

Not all infections or attacks can be stopped, no matter how advanced security systems are. That’s why it is vital to ensure that an off-site backup of data remains intact. The ability to quickly recover data on demand can mitigate the effects of a ransomware attack and allow IT, teams to get staff back to operational capacity quickly.

To find out more about the effects and causes of Ransomware, access the Redstor whitepaper here. Redstor has been a trusted provider of services to help manage and protect data for 20-years, in our time we have helped hundreds of organisations recover from Ransomware attacks and ensured the availability of platforms with our secure off-site cloud backup solutions. Find out more about Redstor backup and how it can help ensure recovery, here.

Redstor named Hosted Cloud Vendor of the Year

Redstor was named Hosted Cloud Vendor of the Year at the 2022 Technology Reseller Awards. Andy Kerr, Redstor’s head of marketing in Europe, is pictured receiving the award with colleagues Harpal Chima, Tom Walker, Kim Reddy and Alan Manicom at the London Hilton Bankside Hotel.

Continue reading

Redstor wins IT Europa Channel Award

Redstor was named Connected Technologies Vendor of the Year at the IT Europa Channel Awards. Gareth Case, Redstor’s Chief Marketing Officer, is pictured receiving the award with Brian Evans, Adele Quinn and Lara Sibley at the Royal Lancaster Hotel, London.

Continue reading

Why you need to backup your QuickBooks data

In a recent LinkedIn poll, Redstor asked our followers if they had heard of QuickBooks, and 90% responded that it is a very popular type of accounting software.

 

Continue reading

Download The Ultimate MSP Growth Guide

  • This field is for validation purposes and should be left unchanged.