The NHS Cyber Attack and MedicsPro
Recently NHS hospitals were targeted by a major cyber attack.The ransomware computer virus affected an estimated 47 trusts and seven were forced to close their doors in A&E to ambulances as a result.
This recent assault on NHS cyber infrastructures has raised questions on how secure are our IT systems, especially within the medical field where it can often be a matter of life and death? How did the cyber attack affect people?
Luckily, we’ve been able to use our contacts to unearth what happened and what our role should be when these things occur.
For MedicsPro employees, Sales Director Rodney Shulton, says “The impact to our employees was mainly felt in our Nursing division with those areas whom supply to A&E having shifts cancelled for staff we had booked for work. We’re advised by a great IT Director who has been offering support to our team, candidates and clients.”
How did it happen?
Usually delivered via email, hackers have been spreading the ransomware virus -also known as WanaCrypt0r 2.0, WannaCry and WCry.
These phishing emails trick the recipient into opening attachments, realising the malware onto the system, infecting it. The virus then locks out the user and demands payment via bitcoin (hence the ransomware moniker).
MedicsPro’s Group IT Director (interim) Doug Breaks advised staff, “To be extra vigilant before opening any email attachments or links, ignoring those from unknown sources and suspicious content from known senders”.
Could it happen again and can it be prevented?
After the initial assault on some NHS IT infrastructures, a “second spike” in cyber attacks was expected but fortunately didn’t affect the NHS - but some hospital trusts were still experiencing continued disruption after the initial first attack.
Health Secretary, Jeremy Hunt, who attended a Cobra committee meeting on cyber security recently said it was “encouraging” there hadn’t been further attacks. The National Crime Agency believed that another attack in the near future is a great possibility.
Our specialist IT Director believes, “It’s a daily threat and growing. We recognise a serious attack can cause major disruption to our clients services, let alone the impact to our candidates”.
Since the cyber attack the NHS has been asked to update their old and outdated systems to prevent further similar incidents. This comes amid reports that around one in 20 NHS computers run on Microsoft XP, a system that is now 16 year old and Microsoft no longer offers support for it.
Updating IT security systems
MedicsPro’s Doug Breaks was involved with updating the company’s systems and confirmed, “In the weeks leading up to the attack alone we updated all mail clients to the latest versions set to update automatically, added a perimeter email security system that inspects every attachment and checks addresses for attack attempts, such as spoofing, restricted all unused network ports on the local network.
We’ve even replaced the standard server authentication methods to a custom service with greater complexity and we check for common phrase exclusion – from names through to football clubs.”
Cyber security foresight such as this could have prevented severe disruptions to both clients and candidates.
MedicsPro was quick to act on hearing of the NHS’s recent attack and quickly advised candidates who were affected or work within the NHS, “To check any emails that look like they come from us but again, look suspicious or potentially deemed to be phishing emails to be reported to us for further investigation”.