Skip to content
Skip to main content

Should the NHS have been better prepared for the cyber-highwaymen?

Updated Monday, 15 May 2017
The Wannacry malware attack which locked down vital systems throughout much of the NHS on Friday was preventable, explains Conor Deane-McKenna.

This page was published over 7 years ago. Please be aware that due to the passage of time, the information provided on this page may be out of date or otherwise inaccurate, and any views or opinions expressed may no longer be relevant. Some technical elements such as audio-visual and interactive media may no longer work. For more detail, see how we deal with older content.

Highwaymen - Sixteen String Jack, Claude Duval, Tom King and Dick Turpin - celebrate their crimes Stand and deliver: Your money or your files?

In a matter of hours, the NHS was effectively placed on lockdown with computer systems being held ransom and further machines powered down to prevent the spread of malware. Critical patient information has been inaccessible and several hospitals urged people to avoid accident and emergency departments, except in cases of real emergencies. The Conversation

Ransomware is the form of computer malware that has infected the NHS. Typically, it encrypts user information and then demands payment before unlocking the information. In this case the ransomware demands a fee of US$300 (£230) payable in the crypto-currency, bitcoin, allowing the perpetrators a degree of anonymity.

British law enforcement have called it a criminal attack rather than one orchestrated by a foreign state. The British public can take some small comfort in this; criminal organisations are not as well funded and the malware may be easier to remove without the loss of patient files. It is too early to say categorically who is responsible for the attack though it is certainly the most devastating cyber-attack on British infrastructure ever.

But it is not just British infrastructure that has been affected by the ransomware. The Spanish telecommunications firm, Telefonica, was also attacked. There have also been a large number of other suspected attacks, notably in Germany, the Philippines, Russia, Turkey and Vietnam. A total of 99 countries have suffered from this attack so far. Whether this is as a result of a larger international criminal organisation is still unknown, however, the rapidity with which the infections are spreading is very concerning.

The attackers’ motive is perhaps clear: financial gain. Though if one looks beyond the relatively small demands of the ransomware, there is something larger at play here. Cyber-criminals will often boast of their exploits to others to gain a level of prestige among their peers. So, while we can often see money as the primary driver for this kind of attack, there may be other motives that will remain hidden.

Out-of-date systems and lack of training

The question of how this could have happened will be one that will produce several damaging reports outlining poor training and infrastructure. It has been clear for years that various NHS trusts have been lagging behind with upgrading their systems.

In 2016, Motherboard submitted Freedom of Information Act requests to 70 NHS hospitals, inquiring as to the number of machines owned that were still running Windows XP. An alarming 42 out of 48 respondents stated they still worked with machines using XP. This is made far more concerning by the official end of Microsoft support for Windows XP in April 2014. While funding to ease the changeover through extended support and eventual move to a more modern operating system was made available, there are still many NHS computers running Windows XP. This is putting the safety and privacy of patients at risk.

The UK government could improve this by providing better training. It is not immediately obvious to anyone that accessing personal information, such as emails, Facebook or Twitter, can have potentially damaging consequences. Opening a document from a friend, or a link through Facebook can be devastating if proper codes of conduct are not put in place. Something as simple as bringing in a USB (thumb drive) from your home to transfer large files from one computer to another could have the same effect, if the USB has been infected.

Modern anti-virus software and up-to-date operating systems can only do so much. It is therefore vital to invest more in cyber-security training for all staff working with sensitive information. This attack proves that the UK’s cybers-ecurity policy needs further work.

This article was originally published on The Conversation. Read the original article.


Become an OU student

Ratings & Comments

Share this free course

Copyright information

Skip Rate and Review

For further information, take a look at our frequently asked questions which may give you the support you need.

Have a question?