All National Health Service (NHS) and social care organisations in the United Kingdom have always been and will always be a target for bad actors. The nature of their business and the sensitive data they hold make these entities appealing to bad actors who know that legacy systems, and/or, not regularly patched systems, such as those employed by healthcare organizations are easy to penetrate. Such attackers also figure that they can easily use disrupted IT assets within hospitals to get what they want.

These motivations have played out in various ransomware campaigns over the years. Back in May 2017, for instance, the global WannaCry ransomware outbreak succeeded in affecting 34% of NHS trusts in England. Those attacks leveraged a Microsoft SMB vulnerability to compromise users’ machines and spread throughout the infected network. Now years later, we’re seeing that malicious actors are deploying ransomware more quickly in hospitals than they are with other targets. The Wall Street Journal reported that nefarious individuals are doing so because they assume that healthcare officials are more inclined to fulfil the ransom demands so as to continue operating during the coronavirus 2019 (COVID-19) crisis.

Speaking of COVID-19…

It goes without saying that COVID-19 has had and will continue to have a major impact on the IT systems that NHS and similar organisations were using prior to the pandemic. The crisis has forced these entities to adapt to a set of new digital security challenges in a very short time. The challenges include scaled-up connectivity resources and unplanned hardware and application spending—all while dealing with a lack of sufficient budget and resources.

In response, IT teams had no choice but to take immediate action to cater to the “work from home” instructions from the UK government. Their orders were clear: keep the network running (Read more...)