Digital & Hi-tech News

Lessons to learn from NHS cyber attacks: Geoff Jones, Cyberis

Share Article

Written by: Geoff Jones | Posted 17 May 2017 7:34

Lessons to learn from NHS cyber attacks: Geoff Jones, Cyberis

Geoff Jones from Tewkesbury-based cyber security consultants Cyberis looks at the recent cyber attacks and provides some advice to avoid becoming a victim

On 12 May we experienced cyber crime on a scale never seen before. An extremely virulent outbreak of ransomware began to infect organisations across the world and within several hours, over 75,000 victims were reported in 90+ countries from telecommunications companies in Spain to a Russian ministry. In total, some 200,000 organisations have now been affected in over 150 countries. In the UK, the NHS felt the full force of attack across 48 health trusts in England.

Ransomware, as the names suggests, is a malicious program that locks a computer's files until a ransom is paid, usually in the form of the online currency, Bitcoins. This outbreak of the WannaCry ransomware is different from any outbreak previously seen because it uses a vulnerability in Microsoft Windows operating systems to spread to neighbouring computer systems over networks once it has infected its original host.

The vulnerability exploited was disclosed last month in a leak from the US National Security Agency (NSA). This means that the very same toolkit used to hack into and secretly snoop on foreign governments is now in the public domain and built into a ransomware worm.

The vulnerability affects current Microsoft Windows operating systems and the legacy Windows XP operating system that is no longer supported by Microsoft but is still in use on many important systems worldwide – including in the NHS.

So, what can you do to do to avoid becoming a victim:

• Patching. Critical patches provided by Microsoft and other application providers should always be deployed as quickly as possible. If you are up-to-date with your Microsoft patches, the risk of infection spread is reduced. Patching can be time consuming and expensive, but the cost of recovery will be many magnitudes greater.

• Backups. Backups are your only chance of recovering data without paying the ransom. If you choose to pay the ransom, this puts you at the mercy of a criminal, does not guarantee your data will be returned, and encourages further attacks of this type.

• Legacy systems. If you must run Windows XP because it is providing a critical function, remove it from the corporate network to avoid a weak link.

• Perform regular security testing. Understand and mitigate your risks and act upon professional advice. The vulnerabilities facing the NHS network have been widely known for years so should not have been a surprise.

• Education. The original infection is likely to be caused by a ‘phishing’ email, encouraging an unsuspecting victim to open a document or click on a link to a website. If you educate users to spot a phishing email, they may avoid being ‘patient zero’.

• Prepare for an incident. Plan in advance what actions you would take if the worst were to happen.

Tewkesbury-based Cyberis is a leading cyber security consultancy formed in 2011 that provides a range of technical assurance, training and incident response services.


Share Article