Everything you need to know about the NHS cyber security attack

On Friday (May 12th), a global cyber security attack hit the UK’s NHS system, plunging the health service into chaos, with operations cancelled and medical practitioners prevented from accessing crucial patient information.

 

The NHS was among the most high-profile victims of the breach, but it was by no means the only organisation to suffer. Reports suggest the attack hit at least 150 countries and Chinese authorities believe as many as one million individual terminals have been affected worldwide.

 

Let’s take a closer look at the nature of the threat, how it unfolded and what organisations are doing to protect themselves from ongoing problems.

What is WannaCry?

WannaCry is the name given to the malicious software that has been infecting businesses, public sector agencies and other organisations worldwide over the last few days.

 

It is a form of ransomware, which locks down IT systems and stops victims from using applications or accessing data. Last year, we highlighted how businesses may be unprepared for this type of threat and ransomware has ranked in numerous studies as a key cyber security risk in 2017.

 

According to the Financial Times (FT), hackers stole a tool called Eternal Blue from the US National Security Agency to “supercharge” an existing version of WannaCry that had already been used earlier in the year.

 

While ransomware usually infects individual computers via email, the new WannaCry is able to spread laterally through networks of different organisations. The FT said Eternal Blue does this by enabling the malware to exploit file-sharing protocols.

 

WannaCry locked users out of their files and demanded $300 (£230) to restore them. Organisations are told their data will be deleted within seven days if a payment isn’t made. Figures from Elliptic Labs suggest only $50,000 had been paid as of 5pm on Monday (May 15th).

Why was the NHS so badly hit?

While WannaCry has affected thousands of organisations across the globe, most of the media focus in the UK has centred on the NHS.

 

The health service cancelled numerous operations and still hasn’t recovered from the attack after bringing patient records offline in an effort to protect data.

 

One of the reasons that the NHS was such an easy victim for ransomware is that some NHS trusts are still running Windows XP – an operating system that was launched more than 15 years ago.

 

Mainstream support for Windows XP ended in 2009, while extended support stopped in 2014. That means many NHS IT networks are running on systems that are outdated and incapable of neutralising sophisticated threats.

 

Media reports suggest that prime minister Theresa May, acting as home secretary in 2015, failed to renew a £5.5 million contract with Microsoft to provide customised support for Windows XP. Meanwhile, trusts with more modern systems have allegedly been slow to perform routine updates.

 

However, the NHS was just one of many well-known organisations to be struck down. Portugal Telecom, Nissan, Renault, Deutsche Bahn, and FedEx also confirmed their systems were hacked.

How has the NHS countered the threat?

Cyber security experts have been working hard over the weekend to patch their systems and bring key infrastructure back online.

 

According to the Daily Telegraph, health officials sent a patch to NHS IT staff on April 27th that would have protected them from the attack. Defence secretary Michael Fallon said the government is already investing £1.9 billion for cyber security protection in the UK.

 

“We’re spending around £50 million on the NHS cyber systems to improve their security. We have encouraged NHS trusts to reduce their exposure to the weakest system, the Windows XP,” he explained.

 

“We warned them, and they were warned again in the spring. They were warned again of the threats.”

 

The spread of WannaCry is thought to have been temporarily halted by a self-taught IT expert who accidentally activated a kill switch. Marcus Hutchins, a 22-year-old known as Malware Tech online, purchased a domain name hidden within the malware’s code for just £8 that acted as an emergency stop on the spread of the virus.

 

Mr Hutchins is now apparently working with the UK Government Communications Headquarters to prevent further attacks during this week.

The aftermath of WannaCry

While WannaCry remained a threat at time of writing, reports claim the spread of the malicious software was slowing down.

 

Nevertheless, Mr Hutchins warned organisations that cyber criminals are likely working on new versions that don’t have the same kill switch that enabled him to mitigate further infections.

 

Anyone running Windows operating systems should be on high alert over the coming days for further developments. Users have been advised to install any security updates immediately and watch out for new patches that antivirus companies release to combat the threat.

 

Given the scale of the incident and resulting media coverage, many organisations are likely to evaluate their current cyber security prevention measures and consider strengthening IT and security teams.

 

Our 2017 Market Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.

 

Image: Marbury via iStock