Are you protected from the next big cyber attack? Pro Diagnostics UKFeatured Products Promotional Features
Posted by: probe-admin 6th December 2018
Earlier this year the person behind the NHS cyber attack of 2017 was revealed to be a North Korean individual who is thought to be linked to the Lazarus Group – a hacking collective believed to be behind the attacks on Sony in 2014.[i]Whilst this is positive news considering how difficult it can be to trace the people behind large scale hacking, it does raise the question as to whether healthcare industries, including dental practices, are prepared should there be another attack in the future.
The damage done
Protecting your practice against cyber attacks is significant, especially as computers are now at the very heart and soul of how practices operate on a daily basis. The NHS cyber attack was debilitating because the hackers implemented ransomware – special software that infiltrated systems and encrypted files, blocking them from access whilst demanding payment.
This sort of software is usually protected against by patches and other software updates from computer manufacturers such as Microsoft, but as everyone is not always on top of updating their computers, weaknesses soon become available for hackers to exploit. This was much the case in the NHS cyber attack, and this affected 80 digital systems out of the 236 NHS trusts across England, alongside those in another 603 NHS organisations and 595 GP practices. Infection by this ransomware resulted in computers and even phone lines becoming unoperational,[ii]interrupting daily services and causing turmoil.
In many cases this meant that practices and institutions had to revert to pen and paper or use their mobile devices, interrupting patient treatment and appointments. According to the investigation by the National Audit Office, almost 7,000 appointments were confirmed to be cancelled, but this figure did not contain all types of appointment. Plus, because it is impossible to know the full extent of disruptions to services, it is estimated that up to 19,000 appointments could have been cancelled in total. The report also states that these numbers don’t take into account the people who had to travel much further to access accident and emergency services.[iii]
The critical backlash
Aside from the numerous patient lives that were affected by the attack, organisations came under fire for not protecting and updating their digital systems properly. In a test that occurred before the attack, it was revealed that 88 of the 236 NHS trusts did not have the required cyber-security standards in place. This was a red flag for NHS Digital, who urged these trusts to update their software in order to improve protection – however, these measures were not taken.
Due to the interconnected nature of software within organisations such as the NHS, this enabled the ransomware to spread very easily and in an uncontrolled pattern. This destructive cycle was only curtailed when cyber-researcher Marcus Hutchins accidentally stopped the spread by registering a domain name linked to the malware, preventing it from spreading further automatically.[iv]
Perhaps the most worrying aspect of this attack is that it has been routinely described as “unsophisticated”.[v]This infers that if a more organised attack on healthcare systems should ever be orchestrated, it’s likely that patient data could be easily compromised, distributed and sold, resulting in a breech of privacy and safety for countless people.
Where we are today
Despite the severity of the attack and the national panic that ensued, it appears that many healthcare industries have still not implemented appropriate protection. A set of 22 “lessons learned” recommendations was published following the attack, but in spite of this the suggestions have yet to be costed and implemented even a year after the event.[vi]
In light of this, it’s necessary that dental practices take every measure they can in order to keep their data safe, especially whilst these protective guidelines and measures are still being plotted out.
The most effective way to protect patient data is to implement security software that can stop hackers in their tracks, as well as shield against vicious programs such as ransomware.
PROPACS from PRO Diagnostics UK is one such solution. Not only does PROPACS keep sensitive patient image data such as radiographs safe through a combination of cloud-based storage and intelligently encrypted software, but it is also a GDPR compliant way to save and share images with other professionals.
In a digital world there is always going to be threats from hackers, viruses and malicious programs that can put important data and information at risk. By ensuring that we learn from past mistakes and implement appropriate security software, crises like the 2017 NHS cyber attack can be prevented in the future, keeping our healthcare industries up and running and patients protected.
For more information, please visit www.prodiagnostics.co.ukor email sales@ prodiagnostics.co.uk
[i]BBC News. North Korean “Spy” Charged Over NHS Cyber Attack. Link: https://www.bbc.co.uk/news/technology-45440533[Last accessed September 18].
[ii]The Telegraph. NHS Cyber Attack: Everything You Need to Know About ‘Biggest Ransomware’ Offensive in History. Link: https://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/ [Last accessed September 18].
[iii]National Audit Office. Investigation: WannaCry Cyber Attack and the NHS. Link: https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/ [Last accessed September 18].
[iv]BBC News. NHS ‘Could Have prevented’ WannaCry Ransomware Attack. Link: https://www.bbc.co.uk/news/technology-41753022[Last accessed September 18].
[v]BBC News. NHS ‘Could Have prevented’ WannaCry Ransomware Attack. Link: https://www.bbc.co.uk/news/technology-41753022[Last accessed September 18].
[vi]BBC News. NHS Ransomware Attack Response Criticised. Link: https://www.bbc.co.uk/news/health-43795001[Last Accessed September 18].
No comments yet.
Sorry, the comment form is closed at this time.