CONNECTING THE DEFENCE COMMUNITY WITH INSIGHT, INTELLIGENCE & OPPORTUNITIES

Officially Supported By: Defence Contracts International Supply2Defence

Official Media Partners for:

A new whitepaper from Imperial College London discussing how the NHS can improve cybersecurity has been presented at the House of Lords.

In 2017 the NHS experienced a ransomware attack which affected around 16 health service organisations across England and Scotland. The ransomware, developed by the US to exploit the CVE-2019-0708 weakness in Microsoft, demanded payments of $300 and $600 to regain access to obscured data, leading many practices to resort to pen and paper, send patients to other hospitals, and warn people to only use their local hospital for emergencies. The attack affected most systems, including telephones. The ransomware also affected public organisations in Russia, Ukraine, Singapore, Taiwan, and India. It is estimated that the ransomware cost the NHS £92million. Over 19,000 appointments had to be cancelled, costing around £20million, and the upgrades to IT systems and clean up in the aftermath cost £72million.

Following the attack, the NHS signed a deal to upgrade local service computers to Windows 10. The ransomware uses EternalBlue exploit, developed by the NSA, which gains access through weaknesses in older Windows operating systems such as Windows 7, Windows Vista, and Windows XP. The same weaknesses aren’t present in Windows 10. Microsoft issued a patch to remove the weakness in older systems that made the attack possible. The NHS also increased infrastructure spending by £60million following the attack, focusing on vulnerable services such as trauma and ambulance services. In 2o18, the government released a report titled ‘Security and Cyber Resilience in Health and Care’. In the report the NHS was promised:

  • £150million investment over the next three years
  • A new Cyber Security Operations Centre
  • A new Data Protection toolkit
  • The implementation of changes recommended by the Chief Information Officer for Health and Care’s review of the May 2017 WannaCry attack
  • Support for 25 local NHS organisations through the ‘Blue Teams’ pilot
  • A full estimation of the cost of the cyber attack.

According to Kaspersky Lab, 75,000 of their clients reported WannaCry attacks since the NHS was affected in May 2017. The data also showed that WannaCry was responsible for 28% of attacks in the third quarter of 2018, up by two-thirds compared to the third quarter of 2017. Many organisations installed the fix released by Microsoft but many remained vulnerable, including Boeing, which was hit in March 2018 as the patches were not in place. The ready availability of these fixes meant they were able to recover from the attack quickly. Kaspersky recommended that organisations stay informed of updates and patches available for all operating systems.

The Imperial College London whitepaper comes from the Institute of Global Health Innovation and was lead by Professor the Lord Ara Darzi. The paper points to outdated systems, a skills deficit, a lack of investment, and a lack of awareness of cybersecurity as the main issues still leaving the NHS open to ransomware. The report, which compiled evidence from the UK and from health systems around the world, praised what has already been done but recommended further investment. It also recommends employing cybersecurity professionals on IT teams, installing ‘fire breaks’ into their systems to isolate certain parts if they become infected, and enforcing communication systems that allow staff to access information on cybersecurity and what to do in the event of an attack. The report also detailed the need for cybersecurity to be at the centre of new medical technologies such as robotics, implant devices, and gene-based medicine.

New reports suggest that ransomware is becoming more sophisticated. Attacks can affect all levels of NHS systems, including test results, medical records, and could even allow hackers to steal a patient’s identity. The greatest risk involves patient data being altered, which could result in them receiving the wrong care or major issues being unrecognised. Wannacry attacks on Singapore healthcare systems in 2018 compromised 150million patient records. Most modern hospital records, test results, and patient information details are stored digitally, making it crucial to ensure they are protected. The financial impact can also cause huge problems for the NHS, which is currently undergoing problems with funding.

Dr Saira Ghafur, one of the main authors of the whitepaper, said: “Addressing the issue of cyber security will take time, as we need a shift in culture, awareness and infrastructure. Security needs to be factored into the design of digital tools and not be an afterthought.”

“NHS trusts are already under financial pressure, so we need to ensure they have the funds available to ensure robust protection against potential threats.”

The main focus of the report is the need for investment. Lord Darzi recommended further investment into research on how the NHS is vulnerable and how it can be strengthened. The report includes details of the recommendation from the Department of Health that the NHS create a Care Computer Emergency Response Team to support cybersecurity. However, they said that all staff across the NHS must be made aware of how to maintain cybersecurity. This includes measures such as not sharing passwords, never leaving computers unlocked, and not emailing data, especially sensitive patient data, to personal email addresses. Staff being made aware of these simple changes could prevent malware from entering into computer systems.

The main target of the Wannacry malware was SingHealth, the healthcare system in Singapore. One factor was website defacing, which was done through SingHealth sites mounted on WordPress. A report from the CSA examined the lasting effects of the attack and how cybersecurity has changed in the country since. A year on from the attack, there was a 30% drop in phishing URLs with a Singapore link, 16,100 in total. The number of phishing attempts increased during major events such as the US-North Korea summit in Singapore. This year, Singapore’s independent privacy watchdog fined SingHealth $750,000 for failing to secure patient data. Advanced threat detection software has been installed across SingHealth networks access to dedicated workstations has been restricted. Database monitoring has been put into use to spot vulnerabilities in coding. SingHealth representatives have spoken about their commitment to improving cybersecurity and reacting quickly to any threats.

Want to know more?

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

administration communications cybersecurity electrical health online ICT installation maintenance NHS office Research security software Training

Post written by: Vicky Maggiani

Vicky has worked in media for over 20 years and has a wealth of experience in editing and creating copy for a variety of sectors.

LATEST STAKEHOLDER

Become a Stakeholder today and benefit from an exclusive marketing package which will allow you to:

  • Engage with active defence buyers and key supply chain partners
  • Create your own branded micro-site which within Defence Online which is managed by you
  • Have a dedicated Digital Account Manager to help enhance your Stakeholder page
  • Promote your news, products, press releases, eBooks and Videos as a Defence Online partner which feeds through to our homepage and social media channels
  • Have your company promoted on our partner website Defence Contracts Online (DCO)
  • All news promoted in mynewsdesk, a major hub for all of our news articles which enables news to be picked up from trade magazines, national newspapers and many other publications which offers extra exposure at no additional cost!

Contact us today or call us on 0845 557 1315 to take advantage of this exclusive marketing package


RELATED ARTICLES

Immersive technology like Extended Reality (XR) is increasingly becoming an essential part of the Defence industry, from immersive training for infantry, naval and armored specialists.

November 7, 2024

Homeland - UK to support NATO space launch capabilities and artillery supplies

Defence Secretary agrees to range of initiatives from boosting ease of access to space and virtual training to developing cutting-edge

A major construction milestone has been marked at the new Catterick Integrated Care Campus with the completion of the building's steel frame.

September 17, 2024

Homeland - Major construction milestone for Catterick Integrated Care Campus

A major construction milestone has been marked at the new Catterick Integrated Care Campus with the completion of the building’s