NHS Cyberattack Threatens Thousands in Healthcare Industry

Posted by Frank Strafford on May 24, 2017 in Industry News, Security,
Wannacry

The world is still shaking from the recent WannaCry ransomware attack. The largest cyberattack in England’s National Health Service (NHS) history, this virus may cost innocent people their lives as medical institutions scramble to regain sanity after being infected. Find out what happened, who’s to blame, and how this can be avoided in the future.

How Cybercrooks Made the World Wanna Cry

Global institutions were paralyzed, unable to treat patients after the WannaCry attack that froze medical records, locking down all systems. The medical sector was severely hit, but it was more widespread. Germany’s railway network screeched to a halt as hackers took charge of the Deutsche Bahn computer system. Spain’s Telefonica was also hit, along with FedEx in the U.S., and many others.

The total damage was astronomical. WannaCry infected 250,000 systems, spreading itself across 99 countries around the globe.

How Did This Happen?

Such an attack left many wondering how all this was even possible. A tool called Eternal Blue is a weapon developed by the NSA to be used to retrieve information or gain access to computers of terrorists and other nefarious organizations. It gives users the ability to hack into any Windows OS computer. This tool was stolen by hacking organization Shadow Brokers, who put the virus onto an open server where other groups could utilize it for malicious intent. Computers with outdated software or ones who failed to upgrade to newer versions were susceptible to the attack.

The Far-Reaching Effects

Among the tens of thousands of institutions that were affected by the Eternal Blue malware, were many hospitals, including these British establishments:

  • Barts Health Tru
  • Derbyshire Community Health Services Trust
  • Plymouth Hospitals NHS Trust
  • NHS Greater Glasgow and Clyde
  • NHS Fife, Western Isles, Tayside, Grampian, National Services
  • Colchester General Hospital
  • Scottish Ambulance Services

…among many others. In fact, roughly 20% of UK’s NHS fell.

The Damage Toll Rises

Eternal Blue malware

The Eternal Blue malware infected computers and effectively took control of the entire system. A warning sign showed up on the infected machine informing the user that files were inaccessible. The only way to retrieve these files was to pay the ransom, between $300 and $600. The immediate fallouts of this virus were devastating. Appointments and surgeries were cancelled because important records such as allergies, x-rays, blood tests, and medical histories were inaccessible. Ambulatory services were unable to respond to emergency calls properly, being diverted to different hospitals that hadn’t been affected.

Some hospitals were turning patients away, while others hung signs saying only truly life-threatening emergencies would be treated. Hospital staff was forced to use antiquated practices, sending patients off with hand-written prescriptions and taking notes with simple pen and paper.

The Global Response

The U.S. healthcare systems along with the U.S. Department of Homeland Security and GCHQ’s National Cyber Security Centre were quick to rally. They worked tirelessly to update older operating systems that had patches available. Additionally, Microsoft pushed an automatic update patch for all software versions. All security software was updated as well.

Meanwhile, the U.S. Department of Health and Human Services (HHS) issued an alert warning those in healthcare and public health organizations to boost their cybersecurity practices following the WannaCry attack.

Who’s Really to Blame?

Where to point the finger of blame is a heated topic. Shadow Brokers stole the virus and put it out for cybercriminals to access, but they’re not the ones who used it. So who is really to blame? On the one hand, hospitals were using outdated software that they should have upgraded long ago. With a simple click of a button, this entire mess could have been avoided, making a strong case against individuals who didn’t upgrade out of sheer laziness.

NSA

Many NHS servers were left with ancient software versions, using obsolete systems and leaving gaping holes in the security for months. One figure showed that 90% were using 16-year old software. The NHS is responsible for the entire healthcare system,

they should have been aware of and penalizing anyone with outdated software.

Finally, many are furious with the NSA. This is not the first time that a hacking group stole national security  files that the NSA had been cooking up and secreting away for later, and used them against the world. Several people are accusing the NSA of housing dangerous weapons that aren’t sufficiently protected, putting the entire world in peril in a very Avengers-esque sort of way.

Protecting Yourself from Cyberattacks

There is much that could have been done to avoid such a catastrophic incident, and organizations should be eager to implement procedures (old and new) – yet it remains to be seen that the OIG will jump on board and mandate new security protocols.

Some of the most important procedures and practices health compliance officers can implement to prevent similar attacks include:

  • Inform employees of basic security practices such as not downloading unknown files, clicking on strange links, and connecting unprotected devices.
  • Always keep security and software updated. It can save you from immeasurable damage.
  • Back up files frequently onto servers or devices unrelated to your main network.
  • Finally, and most importantly, make sure you ‘think before you click!’

About Frank Strafford

About Frank Strafford

Related Articles

Compliance Hashtag Bumper Sticker Giveaway!

November 6, 2015

Are you a compliance junkie? Show  your true colors with a hashtag bumper sticker that says it like it is! Choose your favorites, and request them free at www.streamlineverify.com/contact/. ...

Compliance Officers and the HR Department

June 14, 2016

The Differences between Compliance Officers and the HR Department   The HR department of any organization has a crucial role to play in ensuring compliance, and company compliance officers ha...

Beware the Housekeeper

September 2, 2015

The OIG has been known to go after all types of healthcare professionals, but... the housekeeper? Yes, indeed. Itasca County, Minnesota, and its nursing home, the Itasca Nursing Home d/b/a Grand Vil...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

About Us

Industry leader Streamline Verify has been forging new paths in Exclusion Screening.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking

HEALTHCARE ESTABLISHMENTS NATIONWIDE COUNT ON STREAMLINE VERIFY

5

60%

Average workload reduction by implementing the Streamline Verify program

5

10K

Establishments trust Streamline Verify nationwide

5

2011

Serving the healthcare industry’s unique compliance needs since 2011

5

24X

Setting standards with hourly synchronization to primary source data

[class^="wpforms-"]
[class^="wpforms-"]