Being a vital public service and large employer, the NHS must protect the sensitive data of millions. Complex IT systems increase vulnerability to cybercriminals, including ransomware targeting the NHS
Over 250,000 outpatient appointments are held by the NHS daily, which doesn’t include the many patients staying at one of its 1,230 hospitals across the UK. Every interaction has a data trail, so the NHS handles millions of weekly data records.
Ransomware targeting the NHS
In addition, there is also a considerable amount of data created by running NHS operations behind the patient frontline services such as HR, procurement, and finance.
The more that organisations rely on data, the more significant the impact hackers can have by interfering with it.
And the more influence a hacker can have, the more likely their victims will pay to get their systems back online.
This has driven the explosion in ransomware that we’ve seen over recent years. Healthcare is especially at risk, as a data breach could (and does) disrupt some of the country’s most essential services.
Out of all recorded healthcare ransomware attacks, 61% of trusts and NHS-related organisations paid the fee to decrypt their data or prevent a leak or sale on the black market.
80% of healthcare organisations suffer from ransomware attacks
And with 81% of UK healthcare organisations suffering some form of a ransomware attack, it becomes clear just how big the problem of ransomware targeting the NHS is.
With attacks costing thousands of pounds up to £100 million, the cash-strapped NHS is keen to take decisive action against ransomware targeting the NHS — frameworks have already been established.
The NHS’ Data Security and Protection Toolkit responds to several crippling ransomware attacks and data breaches. The toolkit covers the usual actions and reactions, like protecting vital systems and privileged accounts, with a strong focus on managing backups effectively.
Backups are critical to surviving cyberattacks
Backups are a complicated type of data to recover.
Ransomware attacks often involve paying the attacker for a decryption key to regain access to data, but often the decryption key doesn’t work, or the code has been tampered with.
While backups are critical in surviving ransomware attacks, the ability to refuse payment of a ransomware demand requires organisations to be confident that the risk has been contained – data can be restored without paying. No data of any value has been stolen. That means having reliable backups but also being able to isolate all valuable data.
Attacks won’t stop on healthcare services
One of the most high-profile ransomware attacks in history revolved around the NHS. 2017 the Wannacry attack hit almost a hundred countries, targeting public and private sector organisations.
The impact on the NHS and healthcare services was severe. Hundreds of thousands of appointments were cancelled, emergency care services almost halted, and NHS staff had to use telephones and pen and paper to keep services up and to run.
The attack was so successful because it exploited a straightforward issue related to certain NHS systems running unpatched versions of Windows 7. It quickly spread throughout the N3 centralised NHS networking, affecting almost everything but the NHSMail email system.
Wannacry was the most significant and damaging ransomware attack the NHS has faced, but smaller-scale attacks can add up to a much higher cost than a single incident. For example, in 2022, a relatively underreported ransomware attack on the NHS 111 service caused issues that took weeks to fix and severely impacted non-urgent and out-of-hours services.
With attacks becoming increasingly frequent and more sophisticated, IT departments must be prepared to deal with them at any moment.
Time to understand your data
Surviving any ransomware attack starts with understanding your data – what it is, where it is, and what it’s worth. This enables strategic data protection and gives organizations the information they need to respond effectively to extortion attacks.
If a ransomware attack is a matter of ‘when’ rather than ‘if’, knowing ‘when’ becomes critical. Fast anomaly detection that can allow accurate recovery point identification and protection against exfiltration will help minimize the impact of a successful attack.
Backups are critical, but so is the ability to identify what data has been compromised so that organisations can make an informed decision about paying a ransom.
Isolating valuable data is crucial
Did the cybercriminals take the health records of all patients that had blood tests last week, or did they take next week’s lunch menu for the canteen? Being able to isolate the most valuable data is crucial.
Ransomware attacks can have severe consequences for the NHS, including disruption of services, financial losses, compromised patient data, damage to reputation, increased vulnerability, and at their worst, they could even result in the loss of life.
The NHS must take proactive steps to prevent these attacks, including implementing strong security measures and training staff to prevent, identify and respond to potential threats. By doing so, the NHS can help ensure the safety and privacy of its patients while continuing to provide high-quality care and save lives every day.
This piece was written and provided by Barry Cashman, Regional Vice President UKI at Veritas Technologies