NHS Implements New Security Measures Post-WannaCry

The UK’s National Health Service (NHS) has announced they will be implementing new security measures in response to the WannaCry ransomware outbreak that devastated Windows networks around the world last May.

“Many people have felt the global impact of WannaCry – from late nights to a heightened sense of awareness, WannaCry has put many people on edge. Unfortunately, WannaCry will not be the last outbreak as assuredly as it wasn’t the first,” researchers from the Cylance Threat Guidance team wrote at the time of the attacks.

Unfortunately, the NHS was one of the ransomware’s high profile victims. At least 6,900 patient appointments with medical professionals were cancelled due to the effects of WannaCry.

A report from the National Audit Office indicates that the NHS was woefully unprepared for cyberattacks. A cybersecurity assessment conducted by NHS Digital prior to the WannaCry attack found that none of the 88 NHS trusts they examined passed existing IT security requirements.

Mistakes have value if lessons are learned from them. I have good news to report about what the NHS is up to now.

CareCERT SMS Alerts

When someone working for the NHS observes a cybersecurity concern or cyberattack, there’s now an easy way to warn NHS trusts throughout the UK. NHS Digital announced a successful pilot test of their CareCERT SMS alert system.

The system uses SMS text messages so that alerts can be disseminated even if email systems aren’t working properly, or if NHS workers can’t use their PCs due to cyberattack. The alerts are sent through GOV.UK Notify, the free government alert service.

“During major security incidents, we can now send CareCERT alerts and updates by using short message service (SMS) alerts, following a successful pilot. Contacts in Acute, Ambulance and Mental Health Trusts, Clinical Commissioning Groups and Commissioning Support Units (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog