Chaos Continues After Ransomware Hits UK’s NHS

The following is a guest article by Itay Bochner, Director of Malware Analysis at OPSWAT.

Patients can’t get their medicine, psychiatrists can’t add reports to the system and provide their professional opinion in court, and only last week was the medical helpline number 111 restored. The manual logging of patient records is resulting in piles of paper documentation, which doctors are saying could take months to input into the online system once it’s restored.

The ransomware attack on Advanced, one of the UK’s biggest software providers for its National Healthcare System, is turning into one of the biggest cyberattacks ever to happen in healthcare. Over 20 days have passed since the health services’ cloud provider was attacked by ransomware. Since then, providers and patients have had no access to medical records – causing chaos and broader societal impact. 

Even more alarming, Advanced estimated it could take a few more weeks before they see a full restoration of services, leaving many questions about why recovery is taking so long and what could’ve been in place prior to the attack to reduce recovery time. 

Why the Wait? 

While we can only speculate at this time, the lengthy recovery time could be due to a gap between Advanced’s production environment and its last backup, meaning the backup was not up to date. Another possibility is that the backup is also infected with the malware, so restoring it will not help, forcing them to go much further back or rebuild from scratch. 

Alternatively, they backed up everything but had not tested recovering it for a while, and now, in a time of need, it simply doesn’t work. If this is the case, routine backups combined with routine recovery testing could have helped in a situation like this and restored these critical services faster. 
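The recovery rehearsal described above, as an added example that is not part of the original article or any Advanced or OPSWAT tooling: it writes a backup with a SHA-256 manifest, then performs a test restore into a scratch directory and fails if the backup is older than the recovery-point objective (an assumed 24 hours), cannot be extracted, or no longer matches the manifest. The archive contents are constructed sample data.

```python
import hashlib, io, os, tarfile, tempfile, time
from pathlib import Path

def build_backup(files, dest):
    """Write {name: bytes} into a .tar.gz and return a SHA-256 manifest of its contents."""
    manifest = {}
    with tarfile.open(dest, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest[name] = hashlib.sha256(data).hexdigest()
    return manifest

def rehearse_restore(archive, manifest, max_age_seconds):
    """Restore into a scratch dir and verify; returns (ok, problems). Fails if the backup
    is older than the RPO, cannot be extracted, or any file is missing/altered after restore."""
    problems = []
    age = time.time() - os.path.getmtime(archive)
    if age > max_age_seconds:
        problems.append(f"backup is {age / 3600:.1f}h old, exceeds RPO")
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extraction_filter = getattr(tarfile, "data_filter", None)  # used on Python 3.12+
                for member in tar.getmembers():
                    if member.name.startswith("/") or ".." in Path(member.name).parts:
                        raise ValueError(f"unsafe path in archive: {member.name}")  # no escape from scratch
                    tar.extract(member, scratch)
        except (tarfile.TarError, OSError, ValueError) as exc:
            return False, problems + [f"restore failed: {exc}"]
        for name, expected in manifest.items():
            restored = Path(scratch) / name
            if not restored.is_file():
                problems.append(f"missing after restore: {name}")
            elif hashlib.sha256(restored.read_bytes()).hexdigest() != expected:
                problems.append(f"hash mismatch after restore: {name}")
    return not problems, problems

def demo():
    """Constructed sample: one nightly backup checked fresh, with a tampered manifest, and stale."""
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, "nightly.tar.gz")
        manifest = build_backup({"records/p1.json": b'{"id": 1}', "records/p2.json": b'{"id": 2}'}, archive)
        fresh_ok, _ = rehearse_restore(archive, manifest, 24 * 3600)
        bad_ok, bad = rehearse_restore(archive, dict(manifest, **{"records/p2.json": "0" * 64}), 24 * 3600)
        stale = time.time() - 10 * 24 * 3600
        os.utime(archive, (stale, stale))  # simulate a backup job that silently stopped running
        stale_ok, stale_problems = rehearse_restore(archive, manifest, 24 * 3600)
    return {"fresh_ok": fresh_ok, "bad_ok": bad_ok, "bad": bad, "stale_ok": stale_ok, "stale": stale_problems}
```

Run on a schedule, this is the check that turns "we have backups" into "we have restored from them this week"; a stale or mismatched result should page the same way a failed backup job does.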

Understanding Healthcare as a Target 

The UK NHS isn’t the only healthcare institution dealing with cyber disruptions. Just last week, the Centre Hospitalier Sud Francilien, a French hospital outside Paris, was hit with LockBit ransomware and a demand for $10 million, forcing it to send patients elsewhere for medical services. Le Parisien reported that the ransom demand went down to €1M with negotiation. Earlier this summer, ransomware hit various American healthcare companies. 

While we’ve seen many attacks on critical infrastructure, this may be an example of how the effects of cyberattacks on healthcare systems can be more dangerous (and deadly) than on any other critical industry. Monetization of the attack is more likely given that human lives are at stake and the general population relies on healthcare and emergency services on a daily basis. Additionally, the healthcare industry deals with a vast network of providers and vendors, has numerous access points to digital patient data, and often works with outdated or mismanaged systems due to limited cybersecurity budgets. 

Mitigating Future Attacks

So, what can the healthcare sector do to strengthen its cybersecurity posture and mitigate such widespread disruption? One recommendation is to invest in and implement prevention-based security technology, rather than just focusing on detection. Such technology could include Content Disarm and Reconstruction (CDR) for data sanitization, multiscanning using multiple AV engines for inbound channels such as email and web (where most attacks begin), and data loss prevention to help prevent sensitive and confidential information in files from leaving or entering the company’s systems. 

Other solutions should be implemented to secure the web applications that hospitals use to accept, process, and store patient records and documents. These files could contain hidden malicious payloads which could infect the entire hospital network with malware if left unaddressed. The good news is there are comprehensive solutions available that are compatible with most modern technology stacks and infrastructures – whether cloud-native, on-premises, or hybrid – supporting security on major cloud platforms like AWS and Microsoft Azure, traditional air-gapped on-premises deployments, or more modern microservices architectures that support containerization. Good security hygiene mandates implementing the right checks not only at the point of ingress into your network, but also scanning and sanitizing all files and data before storage, and rescanning them periodically to prevent latent outbreaks from files that were clean by the standards of the day they arrived.

We also know there is a global talent shortage and skills gap when it comes to cybersecurity. Critical infrastructure industries, especially healthcare, should be investing in hiring and training cybersecurity staff that can implement, manage, and update the devices and networks supporting critical day-to-day operations. 

About Itay Bochner

Itay joined OPSWAT in September 2020 as the Director of Malware Analysis Solution (MAS), leading the business unit to develop a new comprehensive malware analysis solution that encompasses the most advanced technologies to manage, investigate and draw conclusions, all from a single source. OPSWAT MAS is a unique solution specializing in CIP and OT environments. As a business unit manager, Itay is responsible for driving Product, Research & Development, Marketing and Sales. During 2021 Itay led the acquisition of SNDBOX by OPSWAT.
