J73105 ANALYSING WANNACRY RANSOMWARE ATTACK IN UK HOSPITAL
The technological advancements have brought a new era which has enforced the current system to change and also update accordingly. One of these modern changes is the way of modern warfare through technology and computer systems in form of different cyber attacks. As different systems gets more modernized and becomes online, the get more vulnerable to these attacks. This makes the possibility of the cyber also higher because in this modern world almost every organisation is dependent upon the computer systems. Similarly one of the biggest and the most effective cyber attack took place around the world while targeting different organisations in form of “Ransomware” (O'dowd, 2017). This attack also targeted the NHS of England which will be discussed and reviewed in this paper.
What Was the Attack?
This cyber attack was in form of ransomware also known as WannaCry or WannaCrypto 2.0. This attack encrypted the data of different management systems of the NHS which limited the accessibility of the NHS staff to access their computer system’s data. To access the data, the organisation had to pay the demanded amount. The attack was conducted was through the “phishing” techniques which are delivered through email including recipients who then opens the mail and the malware is installed to the system without the recipient'sacknowledgement (Gayle et al., 2017). After the computer system is affected, it blocks the files and encrypts them so they can no longer access them. In the end, the user is demanded to pay in form of a crypto-currency such as the bitcoin in this cases to restore the access.
This attack was conducted on 12th of May, 2017 worldwide while affecting around 200,000 computers in different countries and different organisations around the world (Hoeksma, 2017). To maintain the patient’s health care, NHS UK at around 4 PM announced officially about the cyber attack while also implementing emergency procedures to counter the effects of this cyber attack. This attack was finally countered when a network security investigator enabled a disconnect switch to prevent this ransomware from further locking the system. The attack which was focused on the NHS system affected different trusts across England which included almost 80 trusts out of the 236 in total. Different sectors of the health care system were affected which included 595 general clinics and 603 primary care (O'dowd, 2017).
It was also noticed that prior to the attack of WannaCry, the ministry of health and their related offices were working to strengthen the cybersecurity system of the National Health System (Mansfield-Devine, 2017). The major steps were the NHS digital system which allows the computer system to transmit the alert to the concerned authorities on any kind of cyber attack. This system would allow the systems to conduct on-site assessments of the whole system and also providing a direct line to handle the incidents. Another major step was by the National Data Guard which recommended setting 10 data security standards in the whole system of UK National Health Insurance and NHS (Armstrong, 2017). This contract also included the term by which the local teams and their boards were to given awareness training regarding different kinds of cyber attacks and how to handle them. However, soon after the attack of WannaCry, the health sector decided to announce a new plan which could be more effective and efficient in strengthening the security system of the whole NHS organisation’s network.
It has been well known that the cyber attack in the social and health care department could lead to illness throughout the sector which was also observed in this ransomware attack while also creating an impact on the health of different patients.The level of the impact could be evaluated from an example when the CQC-Care Quality Committee reported that some often trust companies were unable to contact with the social service departments (Clarke and Youngstein, 2017). Although CQC forwards NHS Digital’s recommendations, hospital patients may experience delays in social care and the NHS England Social Assistance provider helps manage any disruptions (Collier, 2017).
The Risk of Cyber Attacks Affecting the National Health Service
There have been various attacks on the NHS before May 2017 when this ransomware cyber attack happened. For example, the extortions software attack on the NHS trust in October 2016, also influenced their operations while cancelling 2800 negotiations (Martin et al., 2017). It was also observed that the health ministry was informed about the risk of this kind of attack for which the steps were undertaken to revise the whole network security of NHS. For this, the Guardian and CQC were approached by the Director of Health to review the data security system of NHS according to which a security revision plan can be drafted. This review published in July 2016 made the organisation realised that these cyber attacks can cause a severe threat and compromise patient information and injuries to obtain critical medical records from the systems (Collier, 2017).
The CQC suggested and recommended that all health and medical care organisations need to provide enough evidence that they are taking effective measures to strengthen their cyber security which includes several steps including the step of removing their old or outdated computer systems (Gayle et al., 2017). The department and its independent agencies of the NHS were unaware of the outcomes of the cyber attacks on the UK or whether they could bear the attack at their full potential of cybersecurity. Local health care organisations such as the clinical and trust commissioning groups were responsible for protecting the information and responding to emergencies or accidents which also includes different forms of cyber attacks. These local health agencies were supervised by the extended agencies of the ministry which recommended the department and cabinets to draft a strong and effective plan to migrate from old operating systems such as the Windows XP by April 2015 (Mansfield-Devine, 2017). This would allow them to have a strong system for managing and installing upgraded security systems.
On the contrary, the department had no effective system which could assess whether the health and the social care departments had taken any steps against their recommendations until the attack happened which enforced them to run a complete assessment of their security systems (O'down, 2017). After the attack, the NHS digital in their assessment conducted a site test 88 of their total 236 sites. None of the security systems of the sites was approved by them while exemplifying the vulnerabilities it had on their confidential data which could be exploited. The main barrier is the legal constraints as the NHS Digital could not force the local agencies to take any kind of action which could even lead to different kind of vulnerabilities (Martin et al., 2017).
Effects of WannaCry on NHS
The attack of WannaCry created an impact on the UK trust by causing them damage of up to 34%. Overall 37 trusts were identified to be affected with the malware of WannaCry whereas 80 patients were directly affected in the total of 236 trusts such as (Collier, 2017):
· 34 infected and banned devices of which 25 were of acute trusts.
· 46 were not infected with this ransomware, but the report was interrupted. For instance, these trusts closed their email and another system as a precautionary measure because they did not receive the Central Committee ahead of May 12, telling them what to do to make their own decisions. This resulted in making them use the paper and the pen for normal electronic execution of the activity (Hoeksma, 2017).
The NHS England and Digital NHS tryst identified another 21 attempts to contact the domain WannaCry, but they did not lock their devices which could be the reason for these attempts. After the interrupt switch was activated, the trust may have been infected and therefore has not been locked out of its connected device (Gayle et al., 2017). The other reason could be a protocol of their cybersecurity campaign to contact the WannaCry domain. On further investigation after the attack, it resulted that more 603 systems of the NHS organisations and the primary health care sectors were also victimised because of WannaCry which also included 595 general clinics. Another complication in the investigation process by the agencies that they were unable to access or receive a record of information because these health and care sectors do not share the data because of confidentiality related concerns. However, it has been clearly mentioned by the NHS Digital that no data of the patients were compromised because of this cyber attack (Clarke and Youngstein, 2017).
Holding a PhD degree in Finance, Dr. John Adams is experienced in assisting students who are in dire need...
55 - Completed Orders
Canada, Toronto I have acquired my degree from Campion College at the University of Regina Occuption/Desi...
52 - Completed Orders
Even since I was a student in Italy I had a passion for languages, in fact I love teaching Italian, and I...
102 - Completed Orders
To work with an organization where I can optimally utilize my knowledge and skills for meeting challenges...
109 - Completed Orders
JOB OBJECTIVE Seeking entry level assignments in Marketing & Business Development with an organization...
202 - Completed Orders
Current work profile Project manager- The Researchers Hub (2nd Jan 2016 to presently working) Researc...
20 - Completed Orders
Sales Assistant, Mito Marina Assigned to the Stationery dept – assisted in merchandising, stock taking...
100 - Completed Orders
Personal Profile Dedicated and highly experienced private chauffeur. High energy, hardworking, punctua...
200 - Completed Orders
I'm Lizzy, full time education specialist in English, Essay Writing, Economics and Maths. Having Assi...
109 - Completed Orders