The NHS has engineers working around the clock right now to tackle an unprecedented cyberattack.
The ransomware "WannaCry" (the name has several variants) took down NHS systems, as well as organisations across 99 countries, and has been spreading rapidly since yesterday afternoon.
The BBC stated that about 40 NHS organisations and some medical practices were hit, with operations and appointments cancelled.
What was the attack?
NHS Trusts, GP surgeries and hospitals across the UK were affected. They included hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire, as well as Liverpool and Greater Manchester.
NHS England declared a major incident response. NHS Digital called on the National Cyber Security Centre, the Department of Health and NHS England to support organisations and recommend appropriate mitigations.
There's no evidence that patient data has been accessed.
IT systems were shut down in order to protect them, which meant that all systems were offline and hospitals were unable to accept incoming calls.
“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need,” an NHS Trust spokesperson said.
Why did it happen to the NHS?
The crisis reflects weaknesses in the NHS systems.
A Freedom of Information request found that NHS Trusts use the unsupported Microsoft Windows XP, which has not received security updates for years.
But NHS Digital said this was speculation. "We can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7%, with this figure continuing to decrease."
The attack appeared to exploit a weakness highlighted in secret CIA documents released by WikiLeaks in March, according to Ross Anderson, a Cambridge University computer security expert.
The publication of those documents led Microsoft to issue a "critical" software patch to close the loophole. But the NHS might not have installed this patch last month. These factors could apply to all other organisations affected.
How vulnerable are you to attack?
Ransomware is malicious software that installs code onto every device throughout a network. The software is normally contained in an attachment or link in an email that masquerades as something innocent.
Once opened, the program locks the device and encrypts your data, then demands a ransom to unlock it. In this case, the ransom is $300 in bitcoin (£230).
The best defence against ransomware is a layered defence. Anti-virus software protects the device from outside attacks; patched operating systems ensure the latest loopholes are closed; off-machine backups ensure you are not at the mercy of ransoms; and informed users are crucial. If one of these defences fails, you can rely on the others. If one machine gets infected, you can shut down the machine and stop the spread of malware across the network.
Informed users are a vital part of the defence. Your employees need to know your security plan and the role they play in reducing risks and, in the event of a breach, in stopping widespread impact. Hackers develop increasingly sophisticated methods to get into the network.
The best operating system can’t protect your network when employees are tricked into running software via links and downloads from innocuous emails or other sharing tools.
Often, we only think about the actual shut down and loss caused by the attack; we do not reflect on the longer term business impact, such as:
- Theft of financial information
- Internal disruption
- Loss of trust
- Financial penalties
- IT costs
It is impossible for any business to be 100% secure. However, it is essential that businesses not only have a security solution in place to reduce the risk, but also have an appropriate plan in place to address breaches if or when they occur.
What should you do if you are attacked?
In the event of an attack, the standard response is to shut down all computers and shut off the connection to the wider network.
Dr Chris Mimnagh, a GP in Liverpool, said his surgery “severed links” to the wider NHS network as a precaution.
He said: “Unable to access our clinical system – as a precaution our area has severed links to the wider NHS, which means no access to our national systems, no computers means no records, no prescriptions, no results, we are dealing with urgent problems only, our patients are being very understanding so far.”
This only highlights the vulnerability of shared networks and organisations. Constant development of cybersecurity measures is absolutely essential to ward off increasingly sophisticated and targeted attacks.
Organisations need the right level of technical expertise and resources for their needs.