J73105 ANALYSING WANNACRY RANSOMWARE ATTACK IN UK HOSPITAL
The technological advancements have brought a new era which has enforced the current system to change and also update accordingly. One of these modern changes is the way of modern warfare through technology and computer systems in form of different cyber attacks. As different systems gets more modernized and becomes online, the get more vulnerable to these attacks. This makes the possibility of the cyber also higher because in this modern world almost every organisation is dependent upon the computer systems. Similarly one of the biggest and the most effective cyber attack took place around the world while targeting different organisations in form of “Ransomware” (O’dowd, 2017). This attack also targeted the NHS of England which will be discussed and reviewed in this paper.
What Was the Attack?
This cyber attack was in form of ransomware also known as WannaCry or WannaCrypto 2.0. This attack encrypted the data of different management systems of the NHS which limited the accessibility of the NHS staff to access their computer system’s data. To access the data, the organisation had to pay the demanded amount. The attack was conducted was through the “phishing” techniques which are delivered through email including recipients who then opens the mail and the malware is installed to the system without the recipient’s acknowledgement (Gayle et al., 2017). After the computer system is affected, it blocks the files and encrypts them so they can no longer access them. In the end, the user is demanded to pay in form of a crypto-currency such as the bitcoin in this cases to restore the access.
This attack was conducted on 12th of May, 2017 worldwide while affecting around 200,000 computers in different countries and different organisations around the world (Hoeksma, 2017). To maintain the patient’s health care, NHS UK at around 4 PM announced officially about the cyber attack while also implementing emergency procedures to counter the effects of this cyber attack. This attack was finally countered when a network security investigator enabled a disconnect switch to prevent this ransomware from further locking the system. The attack which was focused on the NHS system affected different trusts across England which included almost 80 trusts out of the 236 in total. Different sectors of the health care system were affected which included 595 general clinics and 603 primary care (O’dowd, 2017).
It was also noticed that prior to the attack of WannaCry, the ministry of health and their related offices were working to strengthen the cybersecurity system of the National Health System (Mansfield-Devine, 2017). The major steps were the NHS digital system which allows the computer system to transmit the alert to the concerned authorities on any kind of cyber attack. This system would allow the systems to conduct on-site assessments of the whole system and also providing a direct line to handle the incidents. Another major step was by the National Data Guard which recommended setting 10 data security standards in the whole system of UK National Health Insurance and NHS (Armstrong, 2017). This contract also included the term by which the local teams and their boards were to given awareness training regarding different kinds of cyber attacks and how to handle them. However, soon after the attack of WannaCry, the health sector decided to announce a new plan which could be more effective and efficient in strengthening the security system of the whole NHS organisation’s network.
It has been well known that the cyber attack in the social and health care department could lead to illness throughout the sector which was also observed in this ransomware attack while also creating an impact on the health of different patients.The level of the impact could be evaluated from an example when the CQC-Care Quality Committee reported that some often trust companies were unable to contact with the social service departments (Clarke and Youngstein, 2017). Although CQC forwards NHS Digital’s recommendations, hospital patients may experience delays in social care and the NHS England Social Assistance provider helps manage any disruptions (Collier, 2017).
There have been various attacks on the NHS before May 2017 when this ransomware cyber attack happened. For example, the extortions software attack on the NHS trust in October 2016, also influenced their operations while cancelling 2800 negotiations (Martin et al., 2017). It was also observed that the health ministry was informed about the risk of this kind of attack for which the steps were undertaken to revise the whole network security of NHS. For this, the Guardian and CQC were approached by the Director of Health to review the data security system of NHS according to which a security revision plan can be drafted. This review published in July 2016 made the organisation realised that these cyber attacks can cause a severe threat and compromise patient information and injuries to obtain critical medical records from the systems (Collier, 2017).
The CQC suggested and recommended that all health and medical care organisations need to provide enough evidence that they are taking effective measures to strengthen their cyber security which includes several steps including the step of removing their old or outdated computer systems (Gayle et al., 2017). The department and its independent agencies of the NHS were unaware of the outcomes of the cyber attacks on the UK or whether they could bear the attack at their full potential of cybersecurity. Local health care organisations such as the clinical and trust commissioning groups were responsible for protecting the information and responding to emergencies or accidents which also includes different forms of cyber attacks. These local health agencies were supervised by the extended agencies of the ministry which recommended the department and cabinets to draft a strong and effective plan to migrate from old operating systems such as the Windows XP by April 2015 (Mansfield-Devine, 2017). This would allow them to have a strong system for managing and installing upgraded security systems.
On the contrary, the department had no effective system which could assess whether the health and the social care departments had taken any steps against their recommendations until the attack happened which enforced them to run a complete assessment of their security systems (O’down, 2017). After the attack, the NHS digital in their assessment conducted a site test 88 of their total 236 sites. None of the security systems of the sites was approved by them while exemplifying the vulnerabilities it had on their confidential data which could be exploited. The main barrier is the legal constraints as the NHS Digital could not force the local agencies to take any kind of action which could even lead to different kind of vulnerabilities (Martin et al., 2017).
Effects of WannaCry on NHS
The attack of WannaCry created an impact on the UK trust by causing them damage of up to 34%. Overall 37 trusts were identified to be affected with the malware of WannaCry whereas 80 patients were directly affected in the total of 236 trusts such as (Collier, 2017):
- 34 infected and banned devices of which 25 were of acute trusts.
- 46 were not infected with this ransomware, but the report was interrupted. For instance, these trusts closed their email and another system as a precautionary measure because they did not receive the Central Committee ahead of May 12, telling them what to do to make their own decisions. This resulted in making them use the paper and the pen for normal electronic execution of the activity (Hoeksma, 2017).
The NHS England and Digital NHS tryst identified another 21 attempts to contact the domain WannaCry, but they did not lock their devices which could be the reason for these attempts. After the interrupt switch was activated, the trust may have been infected and therefore has not been locked out of its connected device (Gayle et al., 2017). The other reason could be a protocol of their cyber security campaign to contact the Wanna Cry domain. On further investigation after the attack, it resulted that more 603 systems of the NHS organisations and the primary health care sectors were also victimised because of Wanna Cry which also included 595 general clinics. Another complication in the investigation process by the agencies that they were unable to access or receive a record of information because these health and care sectors do not share the data because of confidentiality related concerns. However, it has been clearly mentioned by the NHS Digital that no data of the patients were compromised because of this cyber attack (Clarke and Youngstein, 2017).
The major impact which was created because of this cyber attack was because thousands of patient’s consultation were cancelled which also included different therapeutic processes. Because of this, the patients had to travel to the emergency rooms which were witnessed in five areas (Collier, 2017). The main reason was that the patient’s data was not accessible to the concerned authorities for which actions could be taken. Anotherthe reason was that some of the appointments were cancelled so that they could manage the incident outcomes and only emergency and serious patients could be catered. Total of 19000 consultations were cancelled out of which 6912 were of NHS England alone based on the normal rate of follow-up visits and first consultation. However, these numbers by the NHS England were not accurate as told by them and were based on estimation (Gayle et al., 2017).
Since the date was not collected in the cyber attack, both the NHS England and the department of health and care system knew how many queries and appointments GP cancelled or how many patients and ambulances from five departments of accidents and emergencies could not treat the shunting of some patients (Gayle et al., 2017) . The UK National Crime Agency and the US Department of Homeland Security stated that none of any department of the NHS organisation paid the demanded ransom of any form (crypto-currency such as Bitcoin or paper money). However, the scale of damage was also unknown to them which could determine the vulnerability factor of thesecyber attacks on different computer systems. On May 14, it a warning was also given to the institutions to not to pay any kind of ransom (Clarke and Youngstein, 2017).
However, the cost of disruption did occur which included the fees of cancelling an appointment, additional IT support from IT consultants and NHS agencies and system costs in terms of restoration of data because of the ransomware attack. Local and national NHS officials worked overtime even on weekends which were from May 13th to 14th to solve the problem and reduce the vulnerability and outcomes of a new wave of WannaCry which was expected on 15th May, Monday (Collier, 2017). It was estimated that if the deactivations switch interrupt did not activate by a cybernetic investigator, a network attack may have resulted in more interruptions. On the May 12th evening, a cybernetic investigator activated an ‘interrupt switch’ to stop the ransomware attack from the block the computer systems and its data. This allowed some of the systems and the equipment to be safe from this cyber attack, even though the whole network of the health care sector could be infected due to this (Gayle et al., 2017).
NHS Response to WannaCry Attack
The attack of one of its kind showed the loopholes and the efforts needed in the health care sector’s security. For this different assessment were made which could allow the organisation to adapt to the modern change and update their computer systems and data network systems which could counter these types of cyber attacks (Hoeksma, 2017). The ministry of health and education developed and drafted a plan which clearly stated different responsibilities and roles of local and national organisations which they need to perform and implement. It was evaluated that the attack of WannaCry was different as compared to other cyber attacks which makes it difficult to counter it and make the system secure again. This was similar to the major traffic incidents in which one have to find the root cause of the problem, the scale of the impact and the number of individuals and organisations involved in it (Mansfield-Devine, 2017).
Since the attack only targeted only the Windows operating system platform, it was well recommended to update the operating systems and incorporate an effective security or firewall systems which could identify and target these kinds of attacks before it spreads out throughout the network (Armstrong, 2017). Furthermore, the National Health Service did not rehearse a nationwide cyber attack, it could not be clearly stated that who should be responsible for the instant response with such attacks and can counter the issues related to communication. The cyber attack of WannaCry began on the morning of 12th of May. In 16 hours, the NHS England cyberattack said a major event and 18 hours 45 mi began its existing contingency plan, preparedness, resilience and response to serve as a co-ordinated incident management single point support for digital NHS improvements (Martin et al., 2017).
As per the normal protocol of UK, it has been prescribed that in absence of clear policies on how to respond with a national cyber attack, local organisations report attacks on internal and external health departments from different organisations which also include local police reporting (O’down, 2017). The same scenario was also witnessed in this incident in which different local health and care sectors reported the complication initially to the security agencies and also consulted the NHS higher authorities. However, initially, the communication process was also difficult by which one office or organisation can contact to the NHS national agencies through email as the computer systems were blocked because of this cyber attack and the option of an official email was not accessible to them. The attack also smartly blocked the email system on the systems in form of a precautionary measure so that the defence system could be delayed. The connections were made through encrypted sessions from different platforms such as Whatsapp (Collier, 2017).
The main focus of the UK National Health System was to maintain and manage the provision of emergency care while following the serious incident management procedures. Since the attack was made on Friday, this led to the minimization of primary care interruptions which were often closed on the weekends while reducing the damage (Hoeksma, 2017). Very limited patients (total of five) were transferred to other emergency rooms and of the 25infetced acute trusts, 20 continue to treat emergency patients even over the weekends.
As the day passes and different organisations get more dependent on the online system networks and management systems, they get more vulnerable to these kinds of cyber attacks. No matter how much the security system gets updated, they will always be vulnerable to new or more dangerous attacks. The only way by which the systems can be secured is through continuous research and development to find new and updated viruses and ransomware and upgrade the systems accordingly from time to time.
Armstrong, S., 2017. Data, data everywhere: the challenges of personalised medicine. Bmj, 359, p.j4546.
Clarke, R. and Youngstein, T., 2017. Cyberattack on Britain’s National Health Service—a wake-up call for modern medicine. N Engl J Med, 377(5), pp.409-11.
Collier, R., 2017. NHS ransomware attack spreads worldwide.
Gayle, D., Topping, A., Sample, I., Marsh, S. and Dodd, V., 2017. NHS seeks to recover from global cyber-attack as security concerns resurface. The Guardian, 13.
Hoeksma, J., 2017. NHS cyberattack may prove to be a valuable wake up call. BMJ: British Medical Journal, 357.
Mansfield-Devine, S., 2017. Leaks and ransoms–the key threats to healthcare organisations. Network Security, 2017(6), pp.14-19.
Martin, G., Kinross, J. and Hankin, C., 2017. Effective cybersecurity is fundamental to patient safety.
Martin, G., Martin, P., Hankin, C., Darzi, A. and Kinross, J., 2017. Cybersecurity and healthcare: how safe are we?. Bmj, 358, p.j3179.
O’dowd, A., 2017. Major global cyber-attack hits NHS and delays treatment. BMJ: British Medical Journal (Online), 357.
O’dowd, A., 2017. NHS patient data security is to be tightened after cyberattack. BMJ: British Medical Journal (Online), 358.