How was the NHS cyber attack allowed to happen?
And more importantly, can we expect to see another NHS cyber attack in future?
The NHS cyber attack hit the headlines around the world last week and has been the subject of many a debate since.
How was it allowed to happen? What lessons can be learnt from it and can we expect to see similar attacks in the future?
In this article, we will attempt to answer all of these questions and more.
The massive WannaCry ransomware attack saw tens of thousands of computers across the world hijacked and their owners asked to pay an initial $300 in bitcoins rising with time to get their files back.
On Friday 12th May 2017, NHS hospitals and trusts across England and Wales started reporting a widescale cyber attack affecting computers.
Early reports highlighted that this was a ransomware attack with the attackers attempting to extort money from the victims.
Reports of incident starting coming in from across the country with NHS hospitals in the south of England, Lancashire, Essex, Hertfordshire and Yorkshire, with computer and phone networks affected.
Hospitals and Doctors surgeries across the country started disconnecting and turning off computers and network devices to avoid being hit by the ransomware meaning widespread chaos for NHS patients and staff.
What is Ransomware?
Ransomware is a type of virus that essentially holds you and your computer to ransom.
It can strike in a number of ways including encrypting all of your data or locking out a users access to computer.
Attackers will usually request money in order for you to regain access to your data.
This will money will usually be requested in the form of bitcoins, which are difficult to trace.
Japanese security software firm Trend Micro says this on their website “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.
“More modern ransomware families, collectively categorised as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.”
Trend Micro warns that paying these criminals will not always guarantee that they will decrypt your files.
If you’ve think you have been the victim of a similar attack, call us today on 0151 538 1075 or send us a message here.
How did the NHS Cyber Attack happen?
The NHS Cyber Attack ultimately happened because the NHS were guilty of not updating their computer operating systems from Windows XP.
Microsoft stopped supporting Windows XP back in 2014 and since then the NHS has been slow in replacing this outdated operating system.
This meant that thousands of machines were not being protected from the latest vulnerabilities and malicious software.
The blame for this cyber attack (in our opinion) has to lie with the British Government’s shoulders.
The UK Government (in it’s infinite wisdom) decided not to renew a support contract with Microsoft in 2015, which would have ensured that this attack never took place.
Government officials were aware of this ticking time bomb as early as April 2014 when a letter from the Cabinet office warned that “It is imperative your organisation understands the risk placed on it should the decision be not to take out a deal.”
“Integral is considering your… migration roadmap from XP and identify risk exposure and timeframes.”
These warnings were ultimately ignored by then Home Secretary, Theresa May (now known as acting Prime Minister Theresa May).
The NHS, like many other Government departments has for too long relied on a dwindling pool of talent, with the most skilled technical staff seeking higher pay in the private sector.
At the same time, most active roles within the NHS require previous NHS experience, which has ensured that the best talent from outside of the public sector has always stayed outside of the public sector!
Failed Central Government IT projects have been a mainstay for as long as we can remember and the projects that have been completed have often been of poor quality and overpriced.
This has left the UK’s National Health Service in a precarious position and relying on an ageing infrastructure to provide life saving services.
Can we expect to see another NHS Cyber Attack in future?
Most likely yes, although we hope that lessons have been learnt this time and that any future attacks will not be on as wide a scale.
The increase in high profile cyber attacks over the past few years shows that no one is safe.
When you have institutions like the NHS who have outdated and unsupported systems, then the chance of an attack of this nature increases exponentially.
Fingers crossed IT technicians across the NHS are currently busy upgrading all of their computers to Windows 10, although with the amount of different bespoke systems and drivers that are required to run the NHS and its multitude on different machines, we seriously doubt that!