For those who are motivated to do so – and there are many – the NHS will continue to be one of the most tempting targets of malicious attack: it is one of the noblest, most ambitious exercises in maintaining the health of an entire population, accessible to all and free at the point of care. It defines all that is best about our national identity.
May 12 2017 saw the first widely-noticed effects of the WannaCrypt ransomware attack on the NHS. The ransomware, discovered to have used vulnerabilities exposed by the NSA-developed EternalBlue exploit, spread very rapidly, mostly via unpatched Windows 7-equipped devices. The attack was eventually found to have affected more than 80 of the 230+ NHS trust organisations, many specialising in acute care. Approaching 10,000 appointments were cancelled, with an unquantifiable impact on clinical outcomes for those affected. While some trusts were not internally damaged by the attack, patient outcomes were nonetheless affected by the interdependence of shared systems and processes, and by the unavailability of medical diagnostic services such as MRI scanning and blood analysis. Many person-years of clinical productivity were wasted. Thankfully, one small consolation is that there seems to have been no loss of patient medical data as a result of this attack.
Naturally, money has been promised to reduce the risk of a similar attack, and large-scale procurements are underway, involving IT consultancies, specialist IT providers, NHS Digital, and the UK Government.
Vectors of attack:
The vulnerabilities of a large, varied and interconnected system such as the NHS IT infrastructure mean that there is an almost infinite matrix of possible means of impairment, which can be grouped into the following categories:
Social Engineering / Phishing
Exploitation of system vulnerabilities / Zero Day attacks
Elements of the solution:
The impact of impairing the disparate IT systems and the clinical processes that rely on them is literally life-threatening: approaching 10,000 clinical appointments were cancelled as a direct result of WannaCrypt.
No single technical solution exists for such an enormous and diverse IT infrastructure; indeed poorly or incorrectly used mitigating technologies can give misleading views about the health of an IT estate.
From a technology perspective, centralised command and control infrastructure may be beneficial, but only if informed by up-to-date situational information, and supported by the ability to quarantine or otherwise isolate infected areas of the system.
This image was taken by Shimelle Laine, and is used under the terms of the Creative Commons licence 2.0 for reuse.