Menu

NHS Cyber Attack: What You Need To Know

Last Friday, you will have heard about the NHS cyber attack: one in five NHS trusts was hit by a ‘ransomware’ cyber attack – a type of malware that locks computer files and then demands payment in exchange for unlocking the data.

The attack used malware called ‘WannaCryptor’ or ‘WannaCry’ to exploit a vulnerability in Windows XP, which many NHS systems use despite previous concerns.

By Monday, most NHS systems appeared to be operating as normal, although NHS Digital reported that seven of the 47 trusts hit by the attack are still seeking emergency support.

How has the cyber attack affected the NHS?

Last Friday, NHS staff were locked out of their computers, disrupting thousands of patients across the UK as appointments and operations were forced to be cancelled.

Files saved on the computers, like patient notes and appointment details, were impossible to access or retrieve without paying a ransom of $300 (£230) in Bitcoin.

Mike Viscuso, chief technology officer of security firm Carbon Black, said that, “The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences […] this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked.”

Why was the NHS vulnerable to attack?

Cyber experts have suggested that NHS trusts were vulnerable as they were using old IT systems – Kingsley Manning, the former chairman of NHS Digital, told the BBC on Saturday that several hundred thousand computers were still running on Windows XP – an 18-year-old operating system.

In March, Microsoft provided free security software to protect computers, which many trusts failed to implement, leaving them vulnerable to attack.

The NHS cyber attack has also sparked political debate over NHS spending, with Labour and the Liberal Democrats claiming that the NHS’s vulnerability was due to the government’s failure to upgrade hospital IT systems.

It’s been reported that the Conservatives cut cybersecurity spending a year ago, deciding not to extend a £5.5m support deal with Microsoft, despite concerns being repeatedly raised about the IT system’s vulnerability.

Liberal Democrat home affairs spokesperson Brian Craddick said, “We need to get to the bottom of why the government thought cyber-attacks were not a risk, when a combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cybersecurity.”

NHS Cyber Attack Timeline:

Friday 12th May

Saturday 13th May

Sunday 14th May

Monday 15th May

Tuesday 16th May 

Loading

Loading More Content