NHS hit by massive ransomware attack

Over the weekend, the UK’s NHS healthservice was subject to a cyber-attack which disrupted patient referrals, appointment bookings and other operations, according to infosecurity.

It is said to be working through its incident response processes after managed service provider Advanced first detected the malicious activity on Thursday morning.

The firm helps to run NHS 111, a phone and online-based service designed to dispense medical advice for urgent problems.

Andy Norton, European cyber risk officer at Armis, had the following comments:“The latest attack on the NHS 111 system – which has been confirmed to be a ransomware attack on a managed service provider - is leaving patients scrambling to book necessary medical appointments.

”Healthcare has always been a prime target for cybercriminals as well as providers of services to these Trusts that are so critical to societal well-being.

Health services a popular target

”The NHS is particularly vulnerable. In fact, Armis’ research of NHS Trusts has shown that ’suspicious activity’ – including exploit attempts, drive-by attacks, port scans, and connections to the dark web – have risen since this April, with 80% of Trusts experiencing a record level of suspicious activities.

”Though, notably, Trusts’ abilities to protect themselves from these threats have remained the same since pre-April.

”What is clear from these figures is that NHS infrastructure is being targeted more heavily than ever before, so gaining visibility and understanding of all connected assets is vital to the health of these critical services.”

The NHS initially played down the seriousness of the incident.

“There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible – tried and tested contingency plans are in place for local areas who use this service,” noted a statement seen by The Guardian.

Cybersecurity expert Achi Lewis, area vice president EMEA for Absolute Software, suggested such a critical healthcare service provider would have been prepared to respond to such an incident.

“Large organisations such as the NHS are lucrative targets for cyber-attacks and, by association, so are the companies that help the NHS operate digitally like Advanced.

”Ransomware attacks are a case of when, not if, and that means that organisations need to ensure they have the right tools in place to recover, and strong network resilience, else they face a complex recovery process and consequently longer periods of downtime.”

“Preparing for, and recovering from, a ransomware attack is vital in the healthcare sector as some cases going through Advanced’s NHS 111 system are critical and require urgent attention - if a resilient network is not in place and data packets are delayed, or even lost, the rate of response by healthcare staff will be delayed and potentially have serious consequences for the patient.”

“Recovering from ransomware without the right tools is a complex process, and dealing with cyber incidents continues beyond the threat being identified and contained.

”The process of investigation, remediation, recovery and legal response can last years after the initial cyber-attack, which is why organisations, such as Advanced, should ensure they are prepared to respond to ransomware attacks, through secure access solutions and ensuring compromised devices can be remotely frozen, or switched off, so that further breaches don’t occur across a network, resulting in downtime - network resilience is a key element to staying operational.”