On Friday, reports emerged that over 70 countries had been hit by a cyber attack that also brought the NHS’s procedures to a halt. Today, it has been found that over 150 countries have been affected. This highlights the importance of being cyber aware and the fact that no company nor organisation is exempt.
The ransomware used in the attack locked users’ files and demanded a ransom of $300 (£230) to re-gain access, with a threat to delete files if the ransom wasn’t paid.
In England alone, 47 trusts have reported issues at hospitals and 13 NHS organisations have been affected in Scotland. The attack has had huge implications for the NHS as hospitals and surgeries have been forced to cancel treatments, operations and appointments, and divert ambulances to other sites.
Jonathan Copley, Care & Social Welfare Account Executive at McClarrons, notes: “Care homes and social welfare organisations often do not consider themselves to be at risk as they don’t believe they have a lot to offer cyber criminals. However, previous attacks including this one prove that the healthcare sector should be taking cyber security seriously”.
It is believed the attack impacted NHS hospitals because many of their computers were running Windows XP, which has a flaw that the ransomware could exploit. Microsoft released a security update in March which aimed to protect users from such viruses but it is believed that not all hospitals had installed the update.
Security Minister Ben Wallace suggested that the real issue was whether trusts had regularly backed up data and were installing security patches. However, Chris Hopson, chief executive of NHS Providers noted that technology such as MRI and CT scanners were “bound to be using old software” as they have a long-life expectancy of around ten years. Whatever the cause, it is evident that cyber attacks are becoming far more prevalent and that the impact they have can be catastrophic and very costly.
In 2016 an IBM report found that the healthcare sector was “the most cyber-attacked” industry in 2015. Some of the reasons behind this are thought to be because in this sector it is often a life or death situation meaning ransom is more likely to be paid, as well as the fact that the data available is potentially very lucrative. Information such as medical history, date of birth, full names, etc. can be used in identity theft or be sold on and healthcare organisations naturally hold a high concentration of sensitive data like this.
Jonathan adds, “Being proactive by taking steps to ensure systems are secure and staff are aware of the risks is an important start and many insurance companies offer complimentary advice within cyber insurance policies to mitigate the risks. In addition, insurance offers that extra peace of mind that if the worse should happen, help and protection is at hand”.
Read our tips on securing your systems and download your free Cyber Security eBook, here.
If you would like to discuss your Care or Social Welfare organisation’s insurances or for advice on how to protect your systems, contact Jonathan Copley on 01653 697055 or email Jonathan.Copley@mcclarroninsurance.com.