Preventing Another WannaCry: How the NHS Can Shield Itself from Future Cyberattacks

Can cybersecurity professionals learn from the WannaCry attack on the NHS and identify control measures to prevent future cyberattacks and safeguard Protected Health Information (PHI)? In this article, we delve into the lessons learned from the WannaCry incident and explore practical steps the NHS can take to fortify its defences against similar threats in the future.

?

The WannaCry attack on the NHS (National Health Services, UK) in 2017 served as a stark reminder of the hidden security vulnerabilities within a nation's digital healthcare systems. This devastating ransomware attack disrupted national healthcare services, affected thousands of patients, and exposed critical gaps in cybersecurity.

Is it possible to implement robust cybersecurity measures that can help the NHS and other healthcare providers in protecting sensitive patient data, Protected Health Information (PHI), and? Personally Identifiable Information (PII)?

Or, can hiring skilled and experienced resources in specific cybersecurity domains help ensure uninterrupted healthcare services and build a resilient infrastructure against evolving cyber threats?

Let’s dive in.

?

Statistics: Cyberattacks on NHS & Healthcare Industry

• Over 60 trusts were targeted within the UK’s National Health Service (NHS) by the ransomware. On May 12, it affected dozens of facilities, many of which couldn’t access patient records.
• According to Check Point Research’s data, global ransomware attacks reached an all-time high in 2023, targeting 10% of organisations, up from 7% the previous year. The healthcare industry made up 12% of the total organisations globally impacted by ransomware attacks.

• The ransomware ended up delaying non-urgent surgeries and cancelled patient appointments. The WannaCry ransomware attack negatively impacted more than 200,000 PCs across 156 countries.
• 81% of UK healthcare providers were hit, and more than 38% of healthcare organisations paid a ransom to regain their data. 44% refused to pay a ransom and ended up losing their data, and the attack continued to be a menace due to geopolitical climate changes.

Exploring WannaCrys Attack & the NHS

What is WannaCrys attack?

In May 2017, the WannaCry ransomware outbreak swiftly spread to around 230,000 computers in 150 countries within hours. The attack quickly went global until security researcher Marcus Hutchins discovered a kill switch, which claimed to significantly slow down the ransomware's spread. However, Marcus who stopped the WannaCry attack was also found guilty of hacking and arrested by the FBI.

Why Was WannaCry So Successful?

WannaCry's success can be attributed to the inefficient patch management practices within organisations. In fact, Microsoft had actually released a security patch for the EternalBlue exploit nearly two months before the attack. Unfortunately, a large number of Windows users around the world (including healthcare organisations like NHS) failed to update their software or were using outdated versions of Windows, making them susceptible to widespread attack. As a result, WannaCry was able to rapidly infect and spread across countless systems worldwide due to the widespread lack of timely updates.

Why was NHS impacted?

• Many of the NHS's systems were infected as a result of not installing the latest Microsoft security patch. It was released for electronic devices that ran Windows, 12 months prior to the attack.
• The WannaCry ransomware attack was effective because it delivered personalised emails to victims. Recipients were tricked into opening malicious attachments and it released malware onto their systems via phishing
• The global cyber attack revealed various critical vulnerabilities that were exploited. The attack infected key systems, and it affected telephones. The ransomware specifically exposed a Microsoft Windows vulnerability.
• NHS also used outdated systems even after Microsoft stopped supporting Windows XP operating systems. There were problems in clear communication, and their disaster recovery plan did not account for the attack.

Impact of WannaCry on hospital activities

Critical systems went down in hospitals, and many of them were unable to function properly. Thousands of surgeries had to be cancelled and this resulted in a 6% drop in hospital admissions for infected patients. A&E departments were especially affected, and the attack negatively impacted outpatient services per day at infected trusts.

Reasons Why Healthcare Is The Biggest Target For Cyberattacks

Patient records are a goldmine of valuable information for cyber criminals. Adversaries can sell stolen data on the dark web, and medical devices are an easy entry point for attackers. Hackers know that healthcare cyber security is vulnerable, and by causing disruptions in operations, they can gain unrestricted access to networks and systems. Hacked devices can cause reputational and financial damages to organisations, and adversaries are aware that healthcare staff are not educated about online risks. Outdated technologies also means that healthcare is the biggest target for cyber attacks, and hospitals often have limited budgets which is why they fail to push regular updates or keep up with the latest security threats.

How the NHS & Healthcare Providers Can Prevent Similar Cyberattacks

NHS and healthcare providers can prevent similar cyber attacks by securing patient data, prioritising risk management, and emphasising incident response planning and recovery. The goal is to embed security with emerging technologies; building on a culture of cyber resilience and unifying security and resources at scale can also benefit organisations and minimise disruptions. Here are some ways to go about it:

Prioritise Cybersecurity Best Practices

Conduct regular risk assessments and implement the best cyber hygiene practices within the organisation. It is crucial to use basic and advanced security controls and processes to manage healthcare entities and services.

Cybersecurity Awareness & Training

Part of cyber security awareness and training should be proactively educating medical staff about emerging threats. Users should know how to engage with unknown entities, deal with them, and what to do in cases of impersonation or fraudulent access attempts.

Creating an IT Disaster Recovery Plan

Healthcare teams should aim to quickly identify redundant processes and minimise disruptions. They should communicate these findings to concerned customers, vendors, and authorities.

Regular Software Updates and Patch Management

Applying bug fixes and installing the latest software updates and patches should be a priority for every hospital, clinic, and healthcare firm. It also ensures continuous compliance with the latest medical industry’s data storage and processing standards.

Data Backup & Testing

Creating data backups along with their regular testing is important. Data recovery planning is essential as it will help organisations recover in the event of actual data breaches and minimise losses.

Incident Response Plan

An incident response plan will outline measures for threat containment, eradication, detection and identification, and system restoration. There are different phases involved and it usually involves follow-up actions with more extensive testing.

Continuous Control Monitoring

Continuous control monitoring enables real-time tracking of hospital patient records and operations. It reduces risks, and ensures error-free healthcare data collection, analysis, and more.

Hiring the Right Cybersecurity Talent

Use healthcare resources and networks to hire the right talent. Some tips for finding and recruiting the right talent are - partnering with universities, sharing job listings on social media channels, and looking beyond job boards. Additionally, having a recruitment agent who can actively engage in cybersecurity forums and events, will help get you in touch with professionals that may have originally been out of reach.

Final Words

In conclusion, the WannaCry attack on the NHS highlighted just how vital strong cybersecurity measures are in healthcare. It's not just about following best practices, keeping systems updated, and having solid disaster recovery plans—having the right people on your team is equally essential to keeping patient data safe and secure.

Skilled cybersecurity professionals play a pivotal role in identifying vulnerabilities, devising effective strategies, and safeguarding sensitive patient data. By investing in experienced cybersecurity experts, healthcare providers can establish a resilient infrastructure capable of withstanding evolving cyber threats.

This, in turn, ensures uninterrupted healthcare services while safeguarding PHI and PII. The future of healthcare cybersecurity hinges on the having a mix of experience and expertise of dedicated professionals.

References

1. Collier, R. (2017). NHS ransomware attack spreads worldwide. Journal de l’Association Medicale Canadienne [Canadian Medical Association Journal], 189(22), E786–E787. https://doi.org/10.1503/cmaj.1095434
2. England, N. H. S. (n.d.). NHS England?? NHS England business continuity management toolkit case study: WannaCry attack. Nhs.Uk. Retrieved June 2, 2024, from https://www.england.nhs.uk/long-read/case-study-wannacry-attack/
3. NHS Hospital Ransomware Case Study. (n.d.). Avast.Com. Retrieved June 2, 2024, from https://www.avast.com/business/resources/what-is-hospital-ransomware#mac
4. 9 reasons healthcare is the biggest target for cyberattacks. (2018, December 19). Swivel Secure. https://swivelsecure.com/solutions/healthcare/healthcare-is-the-biggest-target-for-cyberattacks/
5. WannaCry. (2023, August 24). Malwarebytes. https://www.malwarebytes.com/wannacry
6. Acronis. “The NHS cyber attack.” The NHS Cyber Attack: How and Why It Happened, and Who Did It, Acronis, 7 February 2020, https://www.acronis.com/en-sg/blog/posts/nhs-cyber-attack/. Accessed 3 June 2024.
7. Collier, Roger. “NHS ransomware attack spreads worldwide.” NHS ransomware attack spreads worldwide, National Library of Medicine (NIH), 5 June 2017, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5461132/.Accessed 3 June 2024.
8. County Durham and Darlington NHS Foundation Trust (CDDFT). “NHS England business continuity management toolkit case study: WannaCry attack.” NHS England business continuity management toolkit case study: WannaCry attack, NHS England, 21 April 2023, https://www.england.nhs.uk/long-read/case-study-wannacry-attack/.Accessed 3 June 2024.
9. Ghafur, S., et al. “A retrospective impact analysis of the WannaCry cyberattack on the NHS.” A retrospective impact analysis of the WannaCry cyberattack on the NHS, 2 October 2019, https://www.nature.com/articles/s41746-019-0161-6.Accessed 3 June 2024.
10. Lewis, Sam. “Ransomware attacks hit 81% of UK healthcare providers in 2022.” Care Home Professional, 13 June 2023, https://www.carehomeprofessional.com/ransomware-attacks-hit-81-of-uk-healthcare-providers-in-2022/. Accessed 3 June 2024.
11. swivelsecure. “9 reasons why healthcare is the biggest target for cyberattacks.” 9 reasons why healthcare is the biggest target for cyberattacks, swivelsecure, 2024, https://swivelsecure.com/solutions/healthcare/healthcare-is-the-biggest-target-for-cyberattacks Accessed 3 June 2024.