NHS Cyber Security Breach makes users WannaCry

6 years ago

Paralysing NHS departments across England and Wales, last week's WannaCry Ransomware attack continues to shut down healthcare operations and demonstrated, UK operational exposure to cyber attacks to devastating effect. As GP surgeries struggled to obtain information from Primary Care trusts and many operations were cancelled due to the cyber-outbreak, the public sector have scrambled to assess the effect on all public services as NHS under-investment comes under the spotlight. It again highlights how frighteningly dependent on technology we have become.

"The WannaCry Ransomware attack was the biggest NHS security breach, certainly in my 30 years in the industry."

Ethar Alali is founder of Axelisys, an enterprise technology and cloud computing firm in Manchester, UK.

"With computing technology now front and centre of everyone's lives, there are huge numbers of potential attack vectors or angles hackers can strike at. What was perhaps commonly unexpected, was the apparent use of a leaked NSA vulnerability. Spy-tech just went rogue!

WannaCry, also known as WannaCrypt or WannDecrypt0r, is a general, untargeted ransomware scam, which encrypts information on disk and asks the user to pay $300 in the virtual currency, BitCoin. It infects any unpatched computer, anywhere, using any version of Microsoft Windows, and seemingly, not just Windows XP as was commonly thought.

Successful, high profile cyber-attacks have exploded over the last 5 years, with UK targets ranging from Talk-Talk losing 157,000 customer records, to Sony Playstation's 77 million records. In March alone, 74 million records were compromised.

"Even Yahoo, a specialist tech & media company, lost over half a billion user accounts in a single cyber attack incident in August 2016. Whilst that was relatively sophisticated, the frustrating thing about the NHS incident is it was entirely preventable. Especially since Microsoft released updates for all Windows systems in March and crucially, those updated are all free and can be applied automatically! No person need ever be involved."

Ethar pins the blame squarely at processes and culture and rejects assertions of under-investment.

"The one thing this wasn't, was a money problem! Currently, in a lot of cases, applying a crucial security update to NHS computers is still a very time consuming, laborious, bureaucratic process, which puts organisations and departments off doing it, or at best delays the fix, in turn putting them at significant, ever increasing risk. The longer you are out of date, the more likely you are to be hit, especially as cyber-attacks become ever more frequent. The irony is some UK public sector information governance processes, designed to protect information, can actually get in the way of preventative action, leaving open the very holes they were created to plug."

In 2016, cyber-attacks cost UK organisations £34 billion and is forecast to become a $2 trillion global industry by 2019. Greater than the GDP of Canada, Italy and Brazil. Experts are only expecting the problem to get bigger.

"Keeping system up-to-date is essential these days. The reason why they aren't are not valid now, like they were a decade ago. Security is a people, processes and systems problem. Security is a holistic concern. Everyone within an organisation should understand their role in protecting information and that protection should be a first class citizen of all endeavours. Nothing should get in the way of that. Breaches always hit the weakest link in the chain so we all have to work together, in harmony, to keep our data safe. All reports seem to suggest that no other country's healthcare digital services have been affected like the NHS have and we should probably take this a warning that we have some catching up to do."

As the NHS continues its recovery, with a general election in June and "Brexit bus" promises still raw in the minds of some, NHS funding is likely to come under renewed and intense scrutiny. So far, there have not been any further reports of attacks within the NHS, suggesting the worst is over. How it rebuilds it's digital strategy now, will be a hot topic for the immediate term.

-----

Axelisys help organisations large and small create embedded, high performance IT functions and platforms. You can find out more about them at www.axelisys.co.uk, follow them @Axelisys or get in touch by email hello@axelisys.co.uk

Attached Media

About Axelisys

Our utopia: A world affecting opportunity, embracing improvement, change, diversity & critical thought. By day, Enterprise Tech Advisers, Analysts & Strategists, by night our superheroes that empower, educate and enhance the human experience. A question opens a world of wonder, wealth, change & hope. The answers are often stranger than fiction, lead to other valuable insights and are never what you think. Axelisys was born to help organisations identify that magic and answer the digital questions most important to them and their customers. As experts in all IT subject matter, across SME's and enterprise clients alike, there is nobody better to speak to about each and every area of digital technology and how it fits into their business and personal lives. From modern day cyber-security threats, to blue-chip enterprise systems combining Machine Learning, AI, Cloud and Big Data, to disruptive startups working on cutting edge Internet of Things technology to improving the services consultancies deliver. Axelisys helps them all succeed. Yet, it all starts with a question. What's yours?