Healthcare Industry a Prime Target for Cyber Attacks
The ransomware attack, claimed by Inc Ransomware collective, allegedly stole 3TB of sensitive information.
Recently released data belonging to patients of NHS Dumfries and Galloway surfaced on the dark web following an initial ‘proof pack’ leak in March when the hackers’ demands for payment were not met.
Speaking on the attack, Keiron Holyome, VP UKI & Emerging Markets, BlackBerry said: “This latest attack on the NHS, at Dumfries and Galloway in Scotland, highlights that threat actors can use any poorly-protected endpoint to enter and cripple a system.”
Cybersecurity in the NHS
The NHS has long been the target of hacks. Catering to the majority of the UK population, the healthcare provider has the largest repository of health data in the world.
Yet, cybersecurity of the organisation remains sketchy and implemented in a piecemeal fashion.
Following the 2017 WannaCry ransomware attack that affected 80 out of the 236 NHS trusts, a NHS Digital inspection revealed that none of the 200 NHS trusts examined passed a cyber security vulnerability inspection, with a number of them still using Windows XP, a operating system that was already 17-years-old at the time.
Blackberry’s latest threat intelligence report released in March 2024 found that 62% of attacks targeted critical industries, including healthcare, exploiting security misconfigurations or unprotected legacy systems.
Sensitive NHS data has high value, up to nine times as much as banking information, and risks being held to ransom, released to the dark web, or sold to the highest bidder. Thus, ransomware is one of the main and growing threats across the health and care system.
With this latest breach for NHS Scotland, as in the 2017 WannaCry attack, no money has been paid. Following the March attack, NHS Dumfries and Galloway health board Julie White has confirmed a joint investigation with other national agencies including the Scottish Government, police and National Cyber Security Centre is underway to assess what information has been published.
Industry’s approach to attacks
A recently released Sophos report highlighted how 98% of US organisations who were the victim of a ransomware attack reported the attack to law enforcement or government regulators. 65% of those who engaged authorities received help investigating their attack.
Compliance frameworks such as GDPR and HIPAA now mandate cyber incident reporting, and insist organisations must establish a continuous monitoring and reporting mechanism to deal with incidents proactively and minimise compliance deviations.
Lewis Shields, Director, Dark Ops at ZeroFox argues the monitoring should extend to the dark web: “The difficulty here is that dark web sites are not accessible by traditional search engines and browsers, meaning this goldmine of data is often missed by traditional security tools.
“Therefore, dedicating resources to monitoring these communities will enable companies to better understand their external attack surface and stay ahead of the evolving cyber threat landscape. Implementing a comprehensive dark web monitoring will extend the reach of an organisation’s security team to give them greater insight into emerging threats and hopefully, stop them before they become a problem.”
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
