Aug 14, 2022

Armis provides an in-depth analysis of recent NHS cyber and ransomware attacks


The latest attack on the NHS 111 system, which has been confirmed to be a ransomware attack on a managed service provider (MSP), has left patients scrambling to book necessary medical appointments, get emergency prescriptions, and dispatch ambulances. The attack was identified on the 4th of August, and it could take weeks to get all services back and operational, with Government ministers coordinating a ‘resilience approach’ to deal with the attack and get critical NHS systems back up and running as soon as possible.

Unfortunately, this is another example of why securing assets that underpin a critical service can be a matter of life and death. After all, the consequences of delays and chaos in ambulance dispatch, a service that depends on speed to save lives, could be fatal. And, at Armis, we’ve seen a worrying trend where MSPs providing a critical service have been targeted by various criminal groups over the last 18 months.

Ransomware rears its head again

The cyber attack was first spotted in the early hours of the 4th of August, and people contacting health services on Friday were quickly warned to expect delays. Health Secretary Steve Barclay said he was “being regularly briefed on the incident”, and “NHS England has contingency plans in place in areas affected.” However, the BBC reports that Advanced, the MSP which provides digital services like patient check-in and NHS 111, says it may take three to four weeks to recover fully.

This isn’t the first time ransomware has caused serious disruption to the NHS and major healthcare organisations. NHS security professionals will no doubt remember WannaCry and, more recently, the ransomware attacks in Ireland. The need to better defend and secure all systems and devices in hospitals is evident. Ransomware is the key cyber threat facing the UK, and the NHS, just like every other organisation, needs to mitigate the risks and ensure strong, resilient defences are in place.

Cyber resilience and the NHS

Healthcare has always been a prime target for cybercriminals, as have the providers of services to the Trusts that are so critical to societal well-being. And the expanded attack surface of IoT and connected medical devices has exponentially increased vulnerabilities in the last few years.

Additionally, the attack comes at a post-pandemic time when the strain on resources, particularly around staffing, has made it a major challenge for Trusts to keep up with demand in almost every area. But, following the attack, further scrutiny will be placed on the robustness and resilience of the NHS defences and the MSPs they work with. The question needs to be: are suppliers to the NHS, like Advanced, implementing best practices to protect themselves and critical patient data, or are outsourced providers a big part of the threat landscape facing the NHS?

Emphasising the problem is the critical nature of the service these providers run. They are tasked with securing major operational systems containing massive amounts of sensitive data and facilitating critical health activities, such as ambulance bookings. Delays and disruptions in these areas can have a huge knock-on effect. To address this, the NHS is turning towards best practices and frameworks to measure what appropriate and proportionate levels of cyber resilience are. The Data Security and Protection Toolkit and the Scottish public sector cyber resilience framework are increasingly being used as measures to prove diligent governance of cyber risk.

Research shows NHS Trusts are being targeted at record-high levels

Although major steps have been taken to change this, there’s no doubt that the NHS is still particularly vulnerable. 

Armis’ research of NHS Trusts has shown that “suspicious activity”, including exploit attempts, drive-by attacks, port scans, and connections to the dark web, has risen by 80% since this April, though the Trusts’ abilities to protect themselves from these threats have remained the same as they were before April. Additionally, 41% of NHS Trusts don’t have a real-time risk register of all digital assets connected to their networks.

What is clear from these figures is that NHS infrastructure is being targeted more heavily than ever before, with our own data showing a significant uptick in threat alerts. Gaining visibility and understanding the nature, function and importance of all connected assets is therefore vital to the health of these critical services.

However, despite the mass of cyber ‘noise’ being thrown at NHS Trusts, they don’t have any more resources. And more distractions unfortunately mean more risk and less certainty. NHS Trusts must build upon their existing cyber maturity levels, but more emphasis should clearly also be put on third-party providers to demonstrate the same level of capabilities and maturity that NHS Trusts have to demonstrate. That includes adopting best practice frameworks, interpreting the NIS regulations, demonstrating metrics against those requirements, and then demonstrating strong maturity levels in those requirements.

Discover more about the Armis platform and how it can help your organisation automate device inventory and utilisation tracking and mitigate threats to secure the entire patient journey.
