UK health trusts hit by ransomware attacks
The UK's National Health Service is being targeted by ransomware according to a new study which shows that 30 percent of NHS Trusts have suffered an attack, potentially placing patient data and lives at risk.
The findings come from a Freedom of Information Act study conducted by endpoint security company SentinelOne. It submitted FOI requests to 129 NHS Trusts, of which 94 responded.
All but two NHS trusts -- Surrey and Sussex, and University College London Hospitals -- have invested in AV security software on their endpoint devices to protect them from malware. But, despite installing a security solution, Leeds Teaching Hospital had suffered five attacks in the past year. No trusts reported paying a ransom or informing law enforcement of the attacks; all preferring to deal with them internally.
Of 15 trusts that were able to provide further information about the origins of the attacks, 87 percent report that the attacker gained access through a networked NHS device, with 80 percent targeted by a phishing attack. Whilst the majority of these trusts were unable to identify their attackers, one confirmed it was organised cyber criminals with another believing the attack to be conducted by opportunistic hackers.
"These results are far from surprising," says Tony Rowan, chief security consultant at SentinelOne. "Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware and a new more dynamic approach to endpoint protection is needed. In the past NHS trusts have been singled out by the ICO for their poor record on data breaches and with the growth of connected devices like kidney dialysis machines and heart monitors there is even a chance that poor security practices could put lives at risk".
The problem isn't unique to the UK, ransomware which encrypts data and demands a ransom to decrypt it, has been affecting US hospitals for a while now. The Hollywood Presbyterian Medical Center in Los Angeles notoriously paid cybercriminals 40 Bitcoins (around $15,000) in February after being infected by Locky, one of the most prolific ransomware variants. It isn’t only a problem for healthcare either SentinelOne has also carried out similar FOI requests with other public sector organisations and discovered that ransomware has affected 60 percent of UK universities.
More information how organizations can deal with ransomware threats is available in a free on-demand webinar on the SentinelOne website.