NHS Trusts around the UK have been attacked multiple times in the past year, according to a Freedom of Information disclosure.
The NCC group made the FOI request and only recently found that 28 NHS trusts had undergone ransomware attacks in the last 12 months.
Ransomware ranks highly on the list of threats the healthcare industry is currently concerned with. Its strength is not its high level of sophistication, but rather its simplicity. Once downloaded, commonly through a phishing email, it encrypts, and often deletes, files on that computer. It then charges its unlucky victim to have those files decrypted. It requires no communication with a command server, but merely directs victims to a URL where they can pay the ransomers.
Unlike some other healthcare bodies, none of the attacked NHS trusts paid the ransoms demanded, according to NHS Digital.
The healthcare sector has become a favorite target for ransomware, especially in the US, for the high value of its data. As a nationalised system, the NHS has certain advantages over the private US system.
Alex Balcombe, network security specialist at ANSecurity, told SCMagazineUK.com that “the NHS is still pretty much a closed network when it comes to accessing patient data”.
However, “Unlike the US, where patient records need to be more accessible, especially for managing health insurance payments, the UK health funding arrangement also makes areas like health insurance fraud less of an issue which in turn makes the data less valuable to attackers.”
This doesn't mean the NHS is necessarily secure. Another FOI disclosure given to Accellion late last year judged the lack of security as ‘alarming'.
This problem will become all the more acute as the NHS moves to a ‘paperless' system by 2020. Jonathan Mepsted, managing director UK at Netskope, told SC that given that fact, “NHS Trusts will need to ensure the correct security controls are in place in order to remain vigilant to the increasing threat of cyber-attacks such as ransomware demands. This includes watching out for sophisticated methods used to spread malware.”
Mepsted added, “With a growing appetite for sensitive medical data amongst cyber-criminals, and increasingly sophisticated ways of formulating attacks, the healthcare industry needs to respond by ensuring IT teams have the tools they need.”
It is perhaps unsurprising that one of the most pervasive threats within cyber-security, ransomware, should be targeting one of the most valuable attack surfaces, healthcare. The consequences could be catastrophic, according to Rashmi Knowles, chief security architect EMEA at RSA.She told SC, “Ransomware is an extremely lucrative business for cyber-criminals as once they are in, they just need to encrypt the data whereas actually stealing data and then trying to resell makes it a much longer process. Current data shows that ransomware cases are expected to double from 2015 to 2016. It's not a case of if but when for most organisations, with public sector and healthcare most targeted particularly healthcare, as loss of data could mean loss of life.”