NHS ransomware attack: The industry responds

Security experts share their views on how the NHS can protect itself following a major ransomware attack.

A number of NHS hospitals across England have been hit by a major cyber-attack.

The governing body confirmed that several trusts have been hit by an apparent ransomware attack that has left staff locked out of their computers.

The security industry has been quick to respond to the assault - here is ITProPortal's round-up of some of the top comments and advice on hand. 

Chris Ross, Senior VP at Barracuda:


"We commend NHS England on reacting so quickly, and for being open about this attack.

Healthcare records holding sensitive and personal data are 100 times more valuable than stolen credit card details, so it comes as no surprise to see that NHS England has been targeted in this way.

Having been attacked, the focus now must be to recover with minimal disruption. We would hope that the hospitals that have been hit have already devised and implemented a comprehensive backup recovery plan that will allow them to recover all encrypted files with minimal effort.

This just goes to prove that cybercriminals don’t care who they target with ransomware, as long as the victim is willing to pay. All sizes of organisations have been targeted, and the impact is far-reaching. It’s not just your hard-earned money that is at risk, it’s also your reputation, viability, and jobs."

David Kennerley, Director of Threat Research at Webroot:

"Although this is still a developing story, from the outside this sounds very much like a number of simultaneous ransomware attacks. We are currently witnessing a large volume of ransomware attacks related to, or reportedly related to, WannaCryptor, one of a number of names given to this ransomware variant.

Holding healthcare data to ransom, by encrypting essential business-critical and possibly life-critical data, has become a very lucrative business model for the bad guys. The attack vector will more than likely be through email, targeted maybe, but more than likely through a large spamming campaign – based on the relatively low ransom amount and many other unrelated organisations reporting similar infections.

It goes without saying that organisations should test their disaster recovery plan (DRP) regularly. This will help them understand the time it will take to restore systems to a useable state and what data is likely to be lost due to backup schedules.

If this disruption is due to ransomware it will be interesting to hear what option the trusts intend to take. Let’s hope they are all prepared, with the required backups readily available. The danger with paying the ransom is there’s no guarantee they’ll recover their encrypted data and this only makes ransomware more successful in the long run for hackers."

John Madelin, CEO at Reliance acsn:

“The news of this latest cyberattack against hospitals in the UK is part of a deeply worrying trend, and makes it clear that no target is too low for hackers looking to make a quick buck. While specific details are sketchy, hospitals can make particularly soft targets for hackers due to the need to focus on putting tight budgets into patient care.

As with other organisations, there is also a tendency to use an array of cyber-defence systems which inevitably work in silos and this very patchwork of ‘protection’ lulls institutions into a false sense of security when in reality they’re incredibly exposed.

Security strategies in the healthcare sector need a holistic treatment, with a more integrated, better executed, end-to-end approach – rather than multiple stand-alone security solutions working in silos.

The healthcare sector can engineer a culture-shift that will make it more resilient to cyberattack, allowing it to provide better care and prevent the need to cancel operations and treatments because of their networks being targeted by hackers. The fact that patient care is being impacted by this attack is a sobering development, and representative of the damage that cyberattacks can have on organisations and the general public.”

Paul Glass, partner, Disputes & Investigations team at Taylor Wessing:

"The nature of the attack isn't clear at the moment, but it is being reported as a new version of ransomware that appeared earlier this year. Getting the response right in the first few hours and days after a serious cyber-attack, and understanding the limitations of what little information is available when making decisions, is critical. 

Cyber-attacks cannot be prevented, but a major attack should be planned for, with plans tested on a regular basis, so that the response is as effective as possible and that contingency plans can be put into action.  

While government will no doubt be providing assistance in this case, organisations that have planned well for this eventuality will be in a much stronger position than those that haven't."

Dan Sloshberg, cyber resilience expert, Mimecast:

“Patient safety is at risk today because of archaic security across much of the nation’s critical IT systems.

Studies consistently show that email is the number one attack method used to spread malware that holds critical services to ransom.

A cyber resilient nation requires defence-in-depth security and continuity plans to keep critical services running every time they are attacked.”