How the NHS Protects Hospitals Following the 2017 WannaCry Ransomware Attack
This Global Attack Became A Matter of Public Concern, With the UK’s National Media Paying Particular Attention to the Impact and the Response of the NHS.
Back in 2017, the WannaCry ransomware became one of the most devastating cyber-attacks ever seen. It swept the entire world, locking up critical systems all over the globe and infecting over 230,000 computers in more than 150 countries in just one day.
The National Health Service (NHS) in England and Scotland was one of the first high-profile victims of this attack. About 40 of NHS’s medical organisations and practices were hit.
It is the largest cyberattack to hit the UK and, although the NHS wasn’t the main target of WannaCry, it was a wakeup call at to how ransomware and other cyber campaigns can be a risk to an organisation with 1.5 million employees, which provides healthcare services across the entire country.
The ransomware used EternalBlue to spread to other machines on the local network until it placed itself on a computer. Besides, in an effort to locate other vulnerable devices, it tried to self-propagate throughout the Internet by analyzing random public IP addresses.
As described in the WannaCry Ransomware Cyber Attack review,
The WannaCry ransomware cryptoworm targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payment in the Bitcoin cryptocurrency. The initial infection was likely through an exposed vulnerable internet-facing Server Message Block (SMB) port30, rather than email phishing as initially assumed.
To protect its networks from future attacks, the NHS has learned the lessons from WannaCry and is now aiming to make sure that it’s harder for cybercriminals to exploit vulnerabilities in order to distribute malware.
Neil Bennett, chief information security officer (CISO) at NHS Digital, the national IT provider for the NHS, revealed for ZDNet that
Within NHS Digital and working closely with NHSX and NCSC, we offer a high-severity alerts process, so we will review and triage vulnerabilities. And where we believe vulnerabilities are particularly critical and applicable to the NHS, we’ll push out alerts advising organisations to take action to remediate and put time scales around it.
The flawed patching practices of the National Health Service were proved to be an issue. They were (and in some cases still are) an inconsistent, irregular process, not based on a proper patch management policy.
Following the WannaCry outbreak, pressing cybersecurity matters were brought to light. Namely, the importance of setting up secure and regular backups, using proactive cybersecurity software, staying up to date with the latest security patches, and isolating sensitive systems.
We provided support to individual trusts on reviewing their backups, very much aligned with the NCSC’s backup guidance. Then with the findings we’d support the organisations remediating against recommendations and in some cases NHSX actually funded new backup solutions, ideally cloud-based backup solutions.
WannaCry’s arrival showed how disruptive cyber incidents can quickly ambush unprepared organizations. The impact of these malicious events on institutions is never overlooked by cybercriminals. In fact, they only set the stage for more attackers who try to pursue similar attack techniques.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
Remember, cybersecurity is not just about the big events that happen and make the headlines. The most important aspects of it are how you handle yourself online every day, how you shape your cyber hygiene habits.