Ransomware attacks on the up at NHS trusts
The number of NHS trusts being targeted by cyber attacks is on the rise, with reports indicating that at least 28 were hit by ransomware in the past year.
The figures were obtained through a Freedom of Information request by cyber security firm NCC Group and released to the i newspaper.
They show that four of these were considered serious enough that they had to be reported as a potential breach of data protection or confidentiality laws.
Such attacks see malicious software sent to a computer, often via an email link, which then blocks access to the system. The attacker then demands a ransom, which can be anything between hundreds and thousands of pounds.
The i newspaper said that NHS Digital acknowledged there had been an increase in attacks, but said that no ransom had been paid in any of the serious incidents, and that no data had been lost.
The FOI also asked trusts if they had paid anything – but eight of the 28 that admitted to attacks would not comment on whether they surrendered any funds, the newspaper reported.
Commenting on the case, Jonathan Lee, the UK healthcare sector manager at security firm Sophos, said that many attacks are short-lived, but that they can have a big impact if they’re spread on highly trafficked sites.
“While putting IT at the heart of care within the NHS brings many gains in terms of care, it also means more opportunity for data breaches,” he said.
“In particular, the increased mobility of service delivery – especially when it comes to social care in the community – already involves the use of a wide variety of devices to access records and other patient data on the move.”
Lee pointed to a survey carried out for Sophos earlier this year, which found that, of 250 chief information or technology officers and IT managers in the NHS, 84% believed that encryption was necessary. Despite this, just 10% said it was well established in their organisation, while only 59% said they had email encryption.
However, the health service is not the only part of the public sector to be targeted by such attacks – in February this year, Lincolnshire County Council had to close down its entire network.
The ransomware, which got into the system because someone clicked a link in an email, did not release any data but did mean the council had to resort to paper for some time.
Lee said that public sector bodies should make sure their systems are up-to-date, that they require multi-factor authentication and encourage all staff to be suspicious of links and attachments in emails.