We all know what happened on 12 May 2017. That’s the day when an updated version of WannaCry ransomware announced itself to the world. In a matter of days, the malware encrypted data stored on 200,000 computers across 150 countries.
One of the victims affected by WannaCry was the United Kingdom’s National Health Service (NHS). According to a report released by the National Audit Office (NAO), the attack caused disruption at 34 percent of NHS trusts. An additional 603 primary care and other NHS-related organizations also reported infections.
Amyas Morse, head of the NAO, said the attack didn’t have to go that way. As quoted in an October 2017 press release:
The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.
May 2017 wasn’t the only time that NHS trusts suffered disruptions at the hands of computer criminals. According to Freedom of Information (FOI) requests sent to 80 NHS trusts by Intercity Technology, approximately a third of organizations suffered an outage across their IT systems between January 2015 and February 2018. A security breach was behind the blackouts for 14 of those entities, with NHS organizations suffering 18 security breaches over the last three years. Those events collectively caused 18 days’ worth of outages, The Register reported.
These findings beg the question: why are computer criminals so intent on targeting the NHS?
Part of the answer has to do with the NHS specifically. In its report, the NAO (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/why-computer-criminals-are-targeting-the-nhs/