Cyber Risk Aware Blog

What Can we Learn from the NHS Ransomware Cyber Attack?

[fa icon="calendar"] May 31, 2017 6:16:53 PM / by Stephen Burke

Stephen Burke

This month the UK was faced with its biggest ever cyber-security threat when criminals targeted the NHS and other organisations worldwide using so-called ransomware.

The malware, dubbed 'Wanna Cry' blocks access to all files on the computers it targets until a ransom is paid. The malware is thought to be based on technology stolen from the USA's National Security Agency.

Although government officials claimed that no patient data had been compromised, the incident did cause many non-urgent appointments and operations to be rescheduled and threw many NHS trusts into chaos for days following the attack.

What Can We Learn from this Incident?

The reason that the malware was able to attack NHS computers was two-pronged. The malware targeted a vulnerability in the operating system to gain access, despite Microsoft releasing a patch to solve this vulnerability in March 2017.

Problem One: Many NHS trusts fell victim to this attack because they were running Microsoft Windows XP, a 15-year-old operating system for which Microsoft no longer provides updates and patches.

Problem Two: Some workplaces were running up to date operating systems, but the patch had not been installed, either by individual employees or the IT teams supporting them.

One NHS staff member told The Guardian: "The computers were affected after someone opened an email attachment. We get a lot of spam and it looks like something was sent to all the trusts in the country. Other hospitals have now been warned not to open these emails – all trusts communicate with each other."

The Impact of Human Error

This indicates that human error was the second element which contributed to attackers being able to gain access to the system after someone clicked a link sent in an email.

The Lesson Learned

What we need to take away from this incident is two-fold, ensure:

  1. All operating systems are up to date, the latest updates have been installed (actually confirmed to be installed!),
  2. All members of staff take part in user security awareness training and are regularly tested using simulated phishing attacks so they learn what a phishing email looks like and how to avoid being tricked.

These are lessons which apply to all businesses and organisations, large or small. If you want to keep your business safe from cyber crime, get in touch to find out more about the services we offer.

Request Cyber Risk Aware Demo

Topics: Ransomware, computer patching, phishing email, HSE ransomware

Stephen Burke

Written by Stephen Burke