NHS services across England have been hit by an IT failure caused by a significant cyber attack, with Trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire all affected. Some GP surgeries have shut down their phone and IT systems while Accident and Emergency Departments have told people not to attend unless it is a real emergency.
NHS Digital said in a statement that a number of NHS organizations have been affected by a ransomware attack, believed to be the malware variant Wanna Decryptor, but it was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.
At this stage there is no evidence that patient data has been accessed. NHS Digital say they are working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and ensure patient safety is protected. The focus is on supporting organizations to manage the incident swiftly and decisively.
Ransomware attacks are becoming more and more commonplace with public sector organizations arguably receiving an unfair proportion of the attacks due to a perceived, or perhaps even an actual, weakness in their cyber defences. Threats to our organizations in the cyber world can be just as disruptive as any physical event. With healthcare providers across the country having to cancel services, it is clear that this is an alarming situation for the NHS.
“It doesn’t matter where the threat comes from, organizations must have plans in place to deal with the consequence of disruptive events” said David Thorp, Executive Director of the Business Continuity Institute. “By putting plans in place to deal with such events, it means that organizations are better prepared to manage through them, lessen the potential impact, and still provide an appropriate level of service to their customers.”
So how do organizations prepare for a possible ransomware attack? First and foremost, they must make sure that their data is backed-up. If it data is backed-up and the organization experiences a ransomware attack then they can isolate the ransomware, clean the network of it, and then restore the data from the back-up. It’s not necessarily an easy process, but it means they don’t lose all their data and they don’t pay a ransom.
Make sure the operating system and installed software are up to date with the latest security patches, and that anti-virus and anti-malware tools are conducting regular scans of the network so they can pick up anything malicious before damage can be done. Configure access controls to the file directory so users can only access the files they need. The more restricted the flow of data is across the network, the better chance there is of stemming the spread of a ransomware attack.
They do say that prevention is better than cure, so one way to reduce the impact of ransomware is to stop it happening in the first place. The vast majority of the time, the user has to do something to install the software – click on a link, open an attachment – so if the user doesn’t do that, then the software can’t install. It may not be quite as simple as that, but it is important to develop a culture whereby users think twice about their actions.
With Business Continuity Awareness Week taking place next week, and event themed around cyber security and the need for organizations to make sure they prepared for disruptive events in the cyber world, the Business Continuity Institute is calling on all organizations to make sure they have plans in place to deal with such events so that disruptions don’t turn into disasters.