If you are not aware about last Friday’s cyberattack that hit major networks and carriers around the globe, you must be living in a cave or something.
WanaCry, aka WannaCrypto, has proved itself to be one of the deadliest ransomware attacks responsible for taking out thousands of computers in the UK alone. If we add up the number of globally affected computers, the figure would go through the roof.
The ransomware exploited the security loophole present in thousands of servers running a Microsoft-developed OS. The vulnerability had been patched by Microsoft with the 17-010 patch but the servers that did not have that patch installed fell victim to the attack. The malware used a backdoor, DoublePulsar, which was originally created by a US spy agency.
The ransomware encrypts all the files on a computer and shows a screen that asks the victims to pay around $300 via Bitcoins to regain access to their data.
According to The Telegraph, around £33,000 in total ransoms have been disbursed to the attackers as of May 15, 2017.
The NHS Cyber Attack Incident
It is not just the business sector alone that has experienced a significant loss. The healthcare sector all over the world have also been victimized by the ransomware, including the National Health Services (NHS).
The NHS organizations and trusts across the globe have also fallen victim to WanaCry.
In fact, some hospitals had to cancel appointments and even surgeries due to the disruption that the ransomware caused.
Many NHS trusts issued notices informing patients about the status of the healthcare services amidst the cyberattack. For instance:
The Yorkshire Teaching Hospital NHS Trust issued a notice on its website on Friday, May 13, informing patients on the lack of computer’s availability due to the cyberattack, and on how they are working on to fix the issue. The trust updated its page on Monday 15, listing canceled appointments and planned operations.
Likewise, Southport and Ormskirk Hospital NHS Trust also issued a statement on Sunday, May 14, notifying patients about the incident and how it affected the trust’s clinical information system. On Monday, the trust updated its page asking patients scheduled for surgery to not to come unless otherwise informed. The trust also cancelled scheduled appointments and in fact MRI and CT scans.
The List of Affected NHS Hospitals & Trusts
Almost 48 out of 248 NHS organizations have been hit by the ransomware in the UK, which were later reduced to only 6 within 24hours of the attack. Here is a list of some of the hospitals and trusts that were hit on May 12, 2017.
North Cumbria Hospitals
Morecambe Bay Hospitals
East Lancashire Trust
East and North Hertfordshire
Derbyshire Community Health
University Hospitals North Midlands
North Essex Partnership University
London North West Healthcare Trust
East Cheshire Trust
Aintree University Hospitals
The Royal Liverpool and Broadgreen Hospitals Trust
Liverpool Community Trust
Broomfield Hospital, Essex
Northwick Park, North West London
St Bartholomew and Royal London
Colchester General Hospital
Norfolk and Norwich
James Paget, Norfolk
Queens Hospital, Burton
UHNM, Royal Stoke
NHS Cyberattacks: Why Hospitals Are the Prime Target?
It isn’t the first time that a cyberattack has been aimed at the healthcare sector, and compromised important patient data. In fact, a month prior to the WannaCry ransomware attack, a group of cybercriminals attacked a Los Angeles based medical center, Hollywood Presbyterian, with a ransomware called Locky.
As a result of the cyberattack, the medical center had to pay around $17,000 in Bitcoins. After the ransomware attack, the medical center also had to keep their computers offline which resulted in a cessation of many healthcare services including planned surgeries as well as appointments and scans, for more than a week.
There are many reasons why the healthcare centers prove easy targets for such cyberattacks. For starters, hospitals, trusts or any other healthcare center for that matter, lack important cybersecurity awareness. The personnel working in the hospitals are educated more on complying with the HIPAA compliance than cybersecurity practices.
Another possible reason behind the NHS ransomware cyberattack could be the sensitivity of the information stored in healthcare center systems. These systems have the patients’ complete health history, prescriptions details and any treatment-related information that can be deemed as lifesaving info. For the well-being of the patients and to prevent any lawsuit, hospitals have no other option but to surrender to the exorbitant extortion demands of a cyberattacker.
How to Protect Yourself from Ransomware Attacks
Ransomwares are usually targeted attacks that are aimed at companies or networks that can shell out high ransoms. The ideal way to prevent ransomware attacks is by keeping the systems up-to-date with the latest security patches or updates.
Apart from security updates, users can also install a firewall to block malwares and other malicious tools from breaking into a user’s machine.
Users are also advised to take regular backups of their important data, let’s say on a Cloud service, so that they can keep their data safe, in the event of such incidents.