NHS hit by cyber attack

A major cyber attack has hit NHS services in England and some in Scotland.

According to the BBC, staff have not been able to access data, which has been scrambled by ransomware, although there is no evidence that patient data has been accessed.

NHS Digital has confirmed that a number of NHS organisations have reported being affected by a ransomware attack.

In a statement NHS Digital said: “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. At this stage we do not have any evidence that patient data has been accessed.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

Reports on the BBC say that up to 25 NHS organisations and some GP practices have been affected.

A Downing Street spokesman said the prime minister Theresa May, was being kept informed of the situation, ans health secretary Jeremy Hunt is being briefed by the National Cyber Security Centre.

Barts NHS Trust has said that it is experiencing major IT disruption and there are delays at all of its hospitals. It has activated its major incident plan to make sure it can maintain the safety and welfare of patients.

The Trust has apologised that it has had to cancel routine appointments, and is asking members of the public to use other NHS services where possible. It is diverting ambulances to neighbouring hospitals.

In Nuneaton, the George Eliot Hospital revealed it is dealing with what it thinks is a cyber attack and has shut down a range of systems as a precaution.

Other hospitals said to be affected include North Cumbria University Hospitals NHS Trust, Blackpool Teaching Hospitals NHS Foundation Trust, East Lancashire Hospitals NHS Trust and GP practices in Liverpool.

Israel Barak, CISO at Cybereason, commented: “We know that ransomware purveyors are often savvy e-marketers that know their targets, and it is not uncommon for a ransomware gang to run multiple campaigns at the same time, with tiered pricing based on a variety of parameters such as vertical industry, region, age, etc. However, the attacks on the NHS trusts across the UK seem to show particularly ruthless calculation even by criminal standards, banking on the trusts having weak defences and being especially desperate to restore access to their systems due to health and even lives being at stake.

“While ransoms have surpassed the hundreds of thousands mark, the goal is to set a price that makes it either cheaper or easier for the victims to pay the ransom then to recreate or restore the compromised systems, especially when the victim has a sense of urgency. Today’s ransoms show that this can still be very costly, especially when it comes to lost operational time and data. We’ve seen many examples where companies didn’t have the proper backups in place and decided to pay the ransom so that they could resume normal business operations, and that will obviously be a pressing concern for the affected trusts.”

Allan Liska, senior solutions architect at Recorded Future said: “The ransomware infection that is spreading throughout the United Kingdom, and the world, is version 2.0 of WanaCypt0r (aka WCry, WannaCry, and WannaCryptor). Recorded Future saw the first appearance of this ransomware on March 31st, but the version that is rapidly spreading has made some significant changes.

Specifically, the new version takes advantage of the SMB vulnerability outlined in Microsoft Security Bulletin (MS17-010), also known as the EternalBlue exploit. This means that once the ransomware gets into a network it can spread quickly through any computers that do not have that patch applied. The worm-like capabilities are the new feature added to this ransomware.

The attacks that have taken place do not appear to be targeted attacks, instead they appear to be part of a phishing campaign, though that has not been fully confirmed. Infections of the new version of WanaCypt0r started in Spain earlier today, but have since spread to the United Kingdom, Russia, Japan, Taiwan, the United States and many more.

Given the relative ineffectiveness of the first version of WanaCypt0r, it is likely the author did not expect this type of success from the new campaign, which could cause problems for any organisation that attempts to pay the ransom. For now, the best advice is to ensure that all Windows systems are fully patched, to ensure that firewalls are blocking access to SMB and RDP ports, and to educate users to watch out for suspicious emails.”

 Last year three medical centres in the United States were hit by similar ransomware attacks – these are still being investigated by the FBI.

 

 

 

 

 

 

 

 

 

 

 

 

Ambulances have been diverted and patients warned to avoid some A&E departments as a result of the attack.

NHS Digital said the ransomware attack was not “specifically targeted at the NHS” and was affecting other organisations.

A massive ransomware campaign appears to have attacked a number of organisations around the world.

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

NHS Digital said the attack was believed to be carried out by the malware variant Wanna Decryptor.

An NHS Digital statement said: “NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

Analysis

 

 



'NHS hit by cyber attack' has no comments

Be the first to comment this post!

Would you like to share your thoughts?

Your email address will not be published.

© 2017 Rapid Life Sciences Ltd, a Rapid News Communications Group Company. All Rights Reserved.

Privacy policy

Terms and conditions