Massive cyber-attack causes deaths and chaos at Casualty/Holby City hospital - maybe

News by Natasha Abramson & Tom Reeve

TV series Holby City and Casualty are about to be hit by cyber-attack in a crossover joint episode. We asked several cyber-security experts to give their view on what dramatic scenarios might actually happen in an attack on the NHS.

TV series Holby City and Casualty are about to be hit by cyber-attack in a crossover joint episode. While this fiction will provide fresh storylines and drama, the reality is, it has already happened in real life with WannaCry. We asked several cyber-security experts to give their view on what dramatic scenarios might actually happen in an attack on the NHS.

Potential culprits ranged from foreign governments to paparazzi

Eastern Europe and foreign cyber-crime

"An enemy state hacks the hospital’s CCTV system through a latent backdoor to identify where their target is, then hops from the CCTV system to the access control system so they can change the records and send in a bogus nurse to kill their victim by switching off their life support." James Wickes, CEO and co-founder, Cloudview

"A former Russian spy is in intensive care after suspected poisoning by our friend Vladimir. The Russians want him dead, so they hack into his life support ventilator." Vince Warrington, CEO, Protective Intelligence

Our expert scenarios ranged from the most probable in real life to the more creative drama-inducing options. Though David Emm, principal security researcher at Kaspersky Lab warns: "While it’s possible to think up very dramatic scenarios that involved a huge human impact. I think there’s a danger of sensationalising the issues surrounding cyber-security. This risks drawing attention from the "simple" issues that affect all organisations"."The most probable scenario would be a receptionist opening an email and clicking a link, or opening an attachment which leads to a ransomware attack." Stephen Gailey, head of solutions architecture at Exabeam

"Staff ignore the pop up warnings in order to open the spreadsheet to give to the surgeons (maybe it's a list of cancelled or amended surgery's for the day)." Javvad Malik, security advocate at AlienVault, an AT&T company.

"A USB device found outside a nurses’ station that has the hospital logo and word 'confidential' written on it - all of which has been mocked up by the attackers. A nurse plugs it into the computer at their station to see what it might be." Jon Fielding, managing director EMEA of Apricorn

"A famous actress is in an NHS hospital.The hacker pretends to be from a tabloid newspaper and sends out an email to the consultant as well as the PR Manager for comment on how certain they are that the celeb will be protected." Nick Wilding, general manager of Cyber Resilience at AXELOS, and author Jerome Vincent.

"A doctor at the hospital is at home with the family, enjoying some well needed rest. Their daughter is using their hospital-issued work computer to play games on a social networking site. Unbeknown to the child, she accidentally infects it with malware that starts stealing sensitive details on the laptop." Joseph Carson, chief security scientist and advisory CISO at Thycotic.

Potential consequences

The effect of an attack can impact hospital equipment, appointment scheduling programmes to preventing surgeons completing surgery.

"Some sort of advanced and destructive attack would be the ultimate nightmare. This would see backups of patient data destroyed and ransomware then deployed with no rollback possible." suggests Simon Eappariello, SVP product & engineering, EMEIA, iboss

Those silly IT people have built a flat network, and the malware spreads across the entire hospital … Everything shuts down - ICU, operating theatres, A&E, vending machines" Vince Warrington.

"The nurses are forced to move to a paper-based system on the wards, and most appointments and surgeries are cancelled - not just for the day, but the week at least. Worse, some of the medical emergency equipment in the ED is also affected, resulting in patient deaths." Jon Fielding

"The hospital pays a bitcoin ransom to regain access to the critical systems. The ultimate misdirection cyber-crime." Joseph Carson

Who gets the sack?

Most of our experts said the blame lay with senior staff such as the Health Secretary, the IT Director, the CEO, but what about an employee?

"As a general rule, sacking/ blame culture is seldom an effective way of encouraging staff to play their part in securing the organisation." concludes David Emm.

The crossover will begin during Casualty on Saturday 2 March and will conclude during Holby City on Tuesday 5 March on BBC One.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews