The massive WannaCry ransomware attack which crippled many NHS institutions on Friday could be more devastating than previously believed, following re-opening of hospitals after the weekend.
Restarted computers and connected medical equipment may spread WannaCry malware further this week, pulverising NHS servers and delaying treatments of thousands of patients.
On Friday, hundreds of doctors and employees at NHS trusts across England were greeted with bitcoin virus pop-ups demanding $300 in three days to return patient data to the NHS. There was no way around the ransomware, and to stop it from spreading further, the NHS decided to turn off all systems, thereby crippling ongoing treatments and the use of connected medical equipment.
By 1550hrs on Friday, as many as 16 NHS organisations had reported being affected by the attack. Not only did the ransomware attack affect computers and equipment, but also telephone systems, making it difficult for patients and relatives to contact individual trusts. “We apologise but we are having issues with our computer systems. Please don’t attend A&E unless it’s an emergency. Thanks for your patience,” tweeted Blackpool Hospitals.
NHS is still struggling to bypass the ransomware and it is expected that hospital systems will continue to suffer to a degree while the organisation comes to terms with the scale of the attack.
“GPs, of course, can still diagnose and treat patients without using computers but we ask our patients to bear with us if routine services such as repeat prescriptions and appointment booking services are slightly disrupted this week,” said Professor Helen Stokes-Lampard of the Royal College of General Practitioners.
“In the meantime, we wish to reassure patients that your GP will be there for you as usual if you are taken ill and that you will receive the best possible care from the NHS, despite the current difficulties,” she added.
“We have been working with 47 organisations providing urgent and emergency care who have been infected to varying degrees. Most have found ways of working around this but seven, including St Barts in London, have asked for extra support,” said Dr Anne Rainsberry, NHS incident director.
While the NHS has played down the impact of the ransomware on its servers, Ciaran Martin, chief executive of the National Cyber Security Centre, believes that the real impact of the malware may emerge this week, following the re-opening of hospitals after the weekend.
“On Monday morning at the start of the new working week it’s likely that successful attacks from Friday that haven’t yet become apparent will become apparent. And also existing known infections can spread, we can’t say what scale the new cases will occur at but it’s likely there will be some,” he said to the Press Association.
While the ransomware attack wasn’t aimed specifically at NHS, the organisation bore the brunt of it mainly because of unsecured and vintage operating systems like Windows XP still running in several hospitals. The ransomware, now popularised as WannaCry or Wanna Decryptor across the world, has so far affected hundreds of thousands of users in over 150 countries.
“This would appear to be a wide ranging, well-coordinated Ransomware attack, using a new variant of Ransomware. It was well thought out, well-timed and well-coordinated. But fundamentally, there is nothing unusual about its delivery. It is still fundamentally robbery and extortion, albeit large scale,” said Brian Lord OBE, former Deputy Director GCHQ Cyber and Intelligence.
“The impact on services has not been caused by the Ransomware, it has been caused by the Trust’s necessary reaction to it, whereby they have had to shut everything down to stop its spread – not helped by poor understanding of network configuration meaning everything has to shut down.
“Something like this was always inevitable. While organisations are distracted by high profile dramatized threats, such as Russian election hacking, they are neglecting basic cyber hygiene measures which can prevent the mass effectiveness of mass ransomware attacks like this. Until basic cyber hygiene is taken seriously, these attacks will continue to happen at this scale with an impact disproportionate to the nature of the attack,” he added.
According to a report from Business Reporter, “approximately 70 per cent of (NHS) Trusts said they had limited training programmes if any in place to safeguard organisational information, including patient records, for staff using personal devices”.
“This problem is made worse by the presence of so many agency staff who inevitably will have less cyber security training. Stories of passwords taped to screens or computer mice are common: it’s not really laziness but rather the prioritising of operational efficiency at the expense of security.
“Another factor is that NHS trusts (and the NHS itself) are complex organisations that involve many disparate entities that communicate using different (or absent) security protocols – which gives hackers plenty of opportunity,” the report added.