Ransomware and the NHS: Securing vital care

With over 250,000 outpatient appointments each day across 1,229 hospitals in the UK, alongside everything from procurement receipts to HR documents, it’s safe to say that the NHS deals with a serious amount of data across its interconnected tech and systems. So what happens when a hacker decides to breach and seize that data?

The public sector has been a target for ransomware attacks for a long time. But why? Surely it makes sense to target profit-making organisations with more to lose?

Well, the answer lies in leverage. With hackers well aware that public sector organisations just won’t risk their data being compromised, it makes sense to target the most vulnerable data sources. Healthcare is especially at risk, as a data breach could (and does) result in disruption to some of the most important services in the country.

The numbers tell the tale: out of all recorded healthcare ransomware attacks, 61% of trusts and NHS-related organisations paid the fee to decrypt their data or prevent a leak or sale on the black market. And with 81% of UK healthcare organisations suffering some form of ransomware attack last year, it becomes clear just how big a problem ransomware attacks are for the NHS.

The NHS is something of a magnet for ransomware attacks and cyber fraud, for a number of reasons.

First is the sheer amount of data the NHS handles on a daily basis. Patient records, addresses, personal data, payment details and of course confidential medical information runs into billions of records.

Then there’s the inconsistent way that data is stored. The NHS operates using a mix of centralised and local systems, with personal data, payment data, in-depth confidential medical information and much more kept on everything from secure servers to not-so-secure pen drives and laptops. The opportunity for hardware to go missing is high, as is the ease of targeting legacy software systems that aren’t under the umbrella of much newer, more secure central systems like N3, the NHS’ central data repository and communication platform.

The third unique threat is the age of the systems and infrastructure in the organisation. For example, MRI scanners in certain hospitals are sometimes into two or three decades of service, with legacy software to match. These systems just don’t benefit from modern cyber security coverage – and that is an open door to savvy hackers who know how to exploit these insecure entryways into NHS data.

The NHS is well aware of these issues based on previous and current threats, and frameworks have already been put in place. The Data Security and Protection Toolkit is a response to a number of crippling ransomware attacks and data breaches. The toolkit covers the usual actions and responses, like protecting vital systems and privileged accounts, and there’s a strong focus on managing backups effectively.

Backups are a particularly difficult type of data to recover. Ransomware attacks often involve paying the attacker for a decryption key to regain access to data, but often the decryption key doesn’t work, or the code has been tampered with. This governance is a good step in the right direction, but it just isn’t adequate for sophisticated, aggressive attacks. A complete overhaul is the only real solution to the problem.

One of the most high-profile ransomware attacks in history had the NHS squarely in its centre. In 2017, the Wannacry outbreak hit almost a hundred countries, targeting both public and private sector organisations. The news pictures showed computer screens and even the screens used to show information in hospitals locked, with a message screen demanding a ransom in Bitcoin to restore functionality and allow access to data again.

The impact on the NHS and healthcare services was particularly severe. Hundreds of thousands of appointments were cancelled, emergency care services almost halted, and NHS staff had to resort to using telephones and pen and paper to keep services up and running.

The reason the Wannacry attack was so damaging was down to a very simple issue related to certain NHS systems running unpatched versions of Windows 7. The attack spread throughout the N3 centralised NHS networking, affecting almost everything but the NHSMail email system.

Wannacry was the biggest and most damaging ransomware attack the NHS has faced, but subsequent, smaller-scale attacks can add up to a much bigger cost than single incident. For example, in 2022, a relatively underreported ransomware attack on the NHS 111 service caused issues that took weeks to fix and meant that non-urgent and out-of-hours services were severely impacted.

Unfortunately, with attacks becoming more sophisticated and more regular, dealing with ransomware is becoming ‘business as usual’ for many NHS IT departments.

Veritas Technologies, which specialises in cyber security and ransomware strategy, is a long-term partner of SCC and an integral part of SCC’s focus on providing the very best in technology services to the public sector. Some of their solutions include:

● Data Compliance and Governance: protect sensitive data and meet regulatory requirements when it comes to protecting data from attackers. This preventative measure means you can keep your data protection up to speed, even for the most sophisticated cyber attacks.

● Data Migration: move exposed data from hardware or less secure digital storage to cloud-based servers encrypted with the latest cyber security essentials. You can also retain full visibility of data and ensure complete storage compliance in line with NHS data security governance. This means you can recover quickly from an attack and get things back up and running much faster.

● Business Continuity and Disaster Recovery: from minimising impact, to getting vital systems back online faster: stay operational in the event of an attack. This solution is aimed at systems that have the biggest impact if they are unavailable, making it ideal for essential NHS services.

Veritas has a wide range of other cyber security essentials available too, from training and compliance through to system analysis and upgrade.

With every single corner of the NHS at risk from ransomware and cyber attacks, preventative steps absolutely need to be in place, even if the data at hand doesn’t seem to be particularly valuable or sensitive. Even the smallest ransomware attacks will cost thousands of pounds, and large attacks, like Wannacry, could cost up to £100 million.

On top of that, reputational damage and a breach of compliance regulations means the cost goes much further than budget impact – ransomware attacks are also a threat to employee welfare.

With a unique, tailored cyber security and ransomware solution, SCC and Veritas can put in place preventative measures and a more effective framework that is designed to mitigate the effects of attacks that use next-gen technology like AI-codebreaking and frequency hacking.

Let us help you to identify threat and risk points, and ensure your department isn’t brought to standstill by a ransomware attack

How we might use your information

We may contact you by phone or email, if you have not opted out, or where we are otherwise permitted by law, to provide you with marketing communications about similar goods and services, the legal basis that allows us to use your information is ‘legitimate interests’. If you’d prefer not to hear from us you can unsubscribe here. More information about how we use your personal data can be found in our Privacy Policy.