twitter facebook rss

NHS Trusts and the threat from ransomware

Posted by on November 19, 2016.

Healthcare has become a major target for extortionists for two primary reasons: firstly, patients rather than profits are the priority with less being spent on IT and security than by outright commercial firms; and secondly, there is huge pressure to get systems back up and running when health and potentially lives are at stake. These are ideal conditions for extortionists; but NHS Trusts in the UK do not appear to be taking the threat very seriously.

Sky News used FoI laws to uncover the state of cybersecurity in UK NHS Trusts. The result is not reassuring. Sky’s account of the outcome includes:

Jennifer Arcuri, co-founder of Hacker House, told Sky News: “I would have to say that the security across the board was weak for many factors.

“Out of date SSLs, out of date software, it was very clear that you could bypass any number of these trusts just by doing the right recon online.”

Even without the growing threat of ransomware, security breaches have been escalating:

The investigation also revealed that trusts are suffering an increasing amount of personal data breaches, from 3,133 in 2014 to 4,177 last year, and that cyber incidents are accounting for more breaches, from eight in 2014 to 60 last year.

High-Tech Bridge, a firm that provides free online basic security checks, independently confirmed Sky’s results. It announced Friday,

The results are borne out by simple tests using High-Tech Bridge’s free SSL testing service, which demonstrates a wide variation in SSL security within Greater London NHS Trusts alone, with Imperial College Healthcare NHS Trust getting an A+, while Lewisham and Greenwich NHS Trust gets a C. In short, Imperial is compliant with PCI DSS, while Lewisham is not only non-compliant with PCI DSS, but vulnerable to POODLE over SSL and Drown attacks.


But there is a further reason for healthcare to take ransomware more seriously. A new survey by Vanson Bourne for next-gen security firm SentinelOne provides compelling evidence that ransomware is evolving into a tool for more than just financial extortion: it is becoming a weapon of destruction.

Of the companies surveyed (this is not just healthcare, but cross sector), 14 admitted to having paid a ransom. It could be more – throughout this survey, UK companies rarely admit to paying ransoms. But notice the figures: 86% of the extortionists attempted to get more money, and 57% never decrypted the files despite having been paid. If encrypted files are left unencrypted, it’s similar to being attacked by wiper-style destructive malware.


Now relate these figures to the assumed assailants:


What becomes very clear is that a high percentage of extortionists are not considered to be traditional criminals seeking financial gain. Twenty-four percent of attacks are thought to come from disgruntled employees and former employees, while 18% are dissatisfied customers.

It is not possible to directly relate dissatisfied customers to those extortionists who left the files encrypted. But it seems likely that there is at least some correlation. Given the lack of security in the NHS, and the potential for ransomware to be employed without any intention of decryption, it is time for UK healthcare to start taking security far more seriously.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Expert Views, Kevin Townsend's opinions, News, News_vulnerabilities | Tags: