Basic IT Security practices could have prevented NHS hack

27.10.2017

Reports state that, by simply updating their software, the NHS could have avoided the crippling effects of the WannaCry ransomware outbreak in May 2017, which resulted in 19,500 medical appointments being cancelled, over 600 GP surgery computers being locked and five hospitals having to divert ambulances elsewhere.

The attack, which affected 81 NHS organisations across England, was stopped when a researcher, who identifies himself only as MalwareTech, purchased the domain that was being used to control the ransomware worm.

Unknown to MalwareTech, when the domain was purchased the ‘kill-switch’ was triggered – making him a very ‘lucky’ hero.

The spread of the worm involved a very long nonsensical domain name that the malware makes a request to – like that used to look up a website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

But MalwareTech warms “The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot” – making it critical for organisation to ensure software patches are kept up-to-date at all times.

More than 300,000 computers in 150 countries were infected with the WannaCry ransomware within a matter of days, using a computer exploit discovered by the NSA and leaked by a suspected Russian hacking group called The Shadow Brokers – more than £100,000 was eventually paid to the hackers.

Since WannaCry, two further ransomware attacks have been recorded: NotPetya, and Bad Rabbit. Highlighting just how important it is for organisations to manage IT security and protect data.

Organisations looking to improve their IT security should get in touch and enquire about the protection that ISO 27001 compliance can offer.

To find out more about the services available, please call 0333 344 3646 or email [email protected].

Sign up to get the latest in your inbox

    • Email address

About the author

  • Name:

    Michelle Whitehouse

  • Company:

    Brand and Content Marketing Manager

  • Bio:

    Michelle joined Citation ISO Certification in 2012. Having held several different roles across the business, she uses the insight and experience gained to shape and drive the brand and content marketing strategy. Managing a small team; she ensures that the customer is at the forefront of everything we do. Delivering event programmes and communication strategies that pack value into the overarching experience for both new and existing customers, Michelle is an innovative thinker that believes in offering services that add real value to people’s lives. With a background in sales, digital marketing, content strategy and marketing communications, Michelle takes an in-depth, hands-on approach to her role within the business and is passionate about developing the relationship that exists between the brand and customers through a combination of technology and communication.

Cookies

QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only