The healthcare industry in the United States has been targeted by cybercriminals using ransomware, and UK healthcare ransomware attacks are also on the rise. So far this year, at least five National Health Service (NHS) Trusts have been attacked with ransomware. Those attacks have crippled hospitals’ computer systems and have had a major impact on patients. Operations and appointments have had to be cancelled after computer systems and medical devices were taken out of action.
The ransomware has been used to encrypt a wide range of files, not only on infected computers but also on servers and the medical machinery connected to the networks. MRI scanners and diagnostic equipment have been taken out of action as a result of these attacks. Hospitals have either been forced to essentially shut down while the infection is removed, or pay the attackers’ ransom demands to unlock their computers.
Last week, the Northern Lincolnshire and Goole NHS Foundation Trust was attacked with ransomware that resulted in all non-urgent operations and appointments being cancelled for two days while the infection was removed. In this case, the Trust was able to recover from the attack by restoring files from backups. No ransom was paid, but considerable costs were incurred nonetheless.
Plymouth’s Derriford Hospital experienced a ransomware attack in September that resulted in computers being taken out of action. The infection was resolved promptly and no ransom was paid. In February this year, two other NHS Trusts were attacked using ransomware, according to Intel Security, while Cambridge’s Papworth Heart Hospital also experienced a ransomware incident.
The individuals behind the UK healthcare ransomware attacks leveraged vulnerabilities in out-of-date software to install ransomware on systems. Cybercriminals are well aware that hospitals have legacy systems that are out of date and contain numerous unpatched vulnerabilities. Many hospitals are also using software that is no longer supported – Windows XP, for example. Additionally, many NHS staff lack security awareness and do not know what ransomware is or how serious a threat the malicious software poses.
A spokesperson for NHS Digital confirmed that the NHS, like many organizations, is susceptible to these types of cyberattacks, although action is being taken to keep data secure and mitigate risk. However, the number of attempted attacks on UK healthcare organizations is increasing and successful attacks are therefore inevitable.