The cyber attack on the NHS this time last week caused a great deal of shock and distress for the public, with vital health services in Lincolnshire affected and staff rushed off their feet having to cope. Now that hospitals and GP surgeries appear to have thankfully recovered, we can all breathe a sigh of relief. But can we expect more of these types of cyber attacks in the future? And more importantly, how do we prevent them?
The malware attack froze computers across a number of NHS trusts on Friday, May 12 threatening to delete key files unless a ransom was paid.
United Lincolnshire Hospitals NHS Trust, in charge of the county’s hospitals, was one of those affected, with services impacted in Lincoln, Boston and Grantham.
All computers and phone lines were shut down and outpatient, endoscopy, cardiology and radiology appointments scheduled for the weekend were cancelled.
GP surgeries across the county were forced to take precautions and revert back to more traditional methods of communicating such as pen and paper.
Hackers also targeted global organisations such as Telefonica, Deutsche Bahn, Nissan and FedEx as the attack became a worldwide threat.
A so-called “accidental hero” based in south-west England, who identified himself only as MalwareTech, caused an unexpected and welcome halt to the attack by inadvertently activating a “kill switch” in the malicious software.
However, while the attack was ongoing, politicians were quick to try and deflect any blame from them, wary about any negative coverage ahead of the upcoming general election on June 8.
Health Secretary Jeremy Hunt was especially identified for criticism by some, with claims that NHS trusts had not received sufficient funding to update their systems, which meant that many were still running outdated and vulnerable Windows XP software.
By contrast, Home Secretary Amber Rudd appeared to point the finger at the NHS, stating that trusts needed to learn the lessons from the attack and ensure they upgrade their systems.
Chris Hopson, chief executive of NHS Providers, which represents most trusts, said: “The quick rush by some to lay the blame on ‘incompetent NHS managers’ is disappointing.
“It feels like the usual NHS bashing and is unsupported by evidence.”
Labour’s Shadow Health Secretary Jon Ashworth was unsurprisingly quick to criticise the Conservative government’s handling of the crisis.
He said: “NHS trusts have been running thousands of outdated and unsupported Windows XP machines despite the government ending its annual £5.5 million deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015.
“It effectively means that unless individual trusts were willing to pay Microsoft for an extended support deal, since May 2015 their operating systems have been extremely vulnerable to being hacked.”
‘A way to make easy money’
An attack of this nature is not something which individuals and organisations are unaccustomed to here in Lincolnshire. Over the last year, Lincolnshire County Council and the Lincolnshire Chamber of Commerce have both been handicapped by similar ransomware attacks.
Yvonne James is a lecturer in Computer Science at the University of Lincoln, specialising in cyber security.
She told Lincolnshire Reporter that ransomware attacks are already very common and are becoming increasingly more so.
She said: “A recent survey by a company called Malwarebytes has thrown up some interesting statistics. In a survey they conducted 54% of UK companies have been hit by a ransomware attack.
“For the hacker it is a way to make easy money. Over half the companies in the UK that have been hit will pay the ransom and hope their data is restored.
“Hackers are using more sophisticated attacks which can go unnoticed by security software. The National Crime Agency Cyber Industry Group released a report in July 2016 that identified cyber crime as 35% of total crime committed in 2015.
“A major issue in the attack on Friday was that too many organisations do not pay close attention to the network security.
“Many organisations also have older technology so may be running some computers on Windows XP for example.
“There is no longer any support for these older systems so patches are not made available and they become very easy targets for the hacker.
“In this case a patch was released by Microsoft in April 2017 which should have been applied to all systems.
“This would have helped to limit the effects and the virus may not have been so widespread.
“Instead we have had a situation where many organisations that have been hit are still suffering downtime which can result in a loss of revenue, loss of files and staff not able to work.”
Reducing the risk
The university lecturer also offered some helpful tips for how businesses and individuals can minimise the risk of such attacks.
She added: “People should invest in good security software and update their computer whenever updates are available.
“Having up to date technology is also beneficial as the technology companies will provide support for operating systems so patches will be easily available.
“Organisations also have to realise that data has become highly important to any business operation and should be the first consideration in any security policy.”
How concerned are you about the rise in cybercrime? Let us know in the comments below or by emailing [email protected]