National Health Service in National Cyber-Security Crisis
The WannaCry ransomware attacks that took place in May 2017, gripped the nation, rendering businesses, schools and public authorities powerless against the infection. Amongst the reported 300,000 organisations was the British National Health Service (NHS). An organisation already under strain from tight budgets, growing demands and a 24-hour schedule.
The National Audit Office (NAO) has confirmed some of the extent of the attack and the damage caused, however, stating that the full extent and cost would never be truly known. WannaCry began on Friday 12th May and over the following weekend some 19,500 appointments were forced into cancelation; 600 surgeries had no access to computer systems during the period and at least 5 hospitals had to divert ambulances while they attempted to regain access to systems.
“Basic IT Security”
The attack itself contained strains of code that allowed it to act as a ‘worm’ and spread from one infected machine to another silently across a network. This meant that a single infected machine on the network of a trust, put the entire network at risk and within hours a third of all NHS trusts had been infected.
In March and April of 2017, however, NHS Digital had warned all trusts to fix and patch the exact bug which was exploited during the Attack. Amyas Morse, Head of the National Audit Office since stating:
“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
For an organisation that holds such huge quantities of highly sensitive data, the ease at which an attack could affect networks is worrying. In a recent parliamentary hearing Department of Health Officials admitted that all 200 trusts in the UK, had failed tests on cyber-security. And even with trusts beginning to act and implement further security measures, Rob Shaw, the NHS Digital deputy chief executive, still believes trusts are falling short of the ‘High bar’ set for cyber-security standards.
“The amount of effort it takes from NHS providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So, some of them have failed purely on patching which is what the vulnerability was around WannaCry.” - Rob Shaw, Deputy Chief Executive, NHS Digital
Protecting complex IT environments against cyber-threats
The NHS has a ‘complex’ structure of IT environments to protect, with many facilities and offices, a huge number of end-points and systems that need to be available 24/7. Any enterprise organisation with a similar environment would likely have implemented state of the art solutions to ensure protection but the NHS is under extreme budgetary pressures and IT systems are often done on the cheap. So how can the organisation handle its challenges and ensure the mistakes that lead to the WannaCry attack don’t happen again?
Patching and update schedules
As with WannaCry, patches and software updates are regularly released to protect against known vulnerabilities that can be exploited against attack. It is vital that when software and solutions providers release updates and patches, that users take advantage of them. Implementing a regular update and patching schedule will ensure that security features are up to date and exploits protected against.
One of the biggest remaining vulnerabilities to IT environments is the users who have access. Ransomware attacks take advantage of this and email, malicious links and websites are all causes of infection. Training staff to be warier of these threats and to spot them will help improve the chances of staying secure and protected.
Not all infections or attacks can be stopped, no matter how advanced security systems are. That’s why it is vital to ensure that an off-site backup of data remains intact. The ability to quickly recover data on demand can mitigate the effects of a ransomware attack and allow IT, teams to get staff back to operational capacity quickly.
To find out more about the effects and causes of Ransomware, access the Redstor whitepaper here. Redstor has been a trusted provider of services to help manage and protect data for 20-years, in our time we have helped hundreds of organisations recover from Ransomware attacks and ensured the availability of platforms with our secure off-site cloud backup solutions. Find out more about Redstor backup and how it can help ensure recovery, here.