When NHS staff from 48 Trusts across the UK switched on their computers on Friday 12th May, they found the modern equivalent of a pirate flag raised on their computer screens. A red and white pop-up window bore the heading: “Ooops, your files have been encrypted!” and went on to detail the terms under which the stolen information could be recovered.
Terrified staff received the stark message that if they wanted to retrieve their files, they had only three days to pay up. “After that, the price will be doubled,” it warned, adding: “If you don’t pay in seven days, you won’t be able to recover your files forever.” Locked out of patient records and unable to access other vital information, the Trusts affected were forced to cancel medical appointments, tests and operations. In some areas people were asked not to attend A&E unless they had a life-threatening condition or emergency.
Why did it happen?
The ransomware used by these digital pirates is a type of “worm” that has the ability to spread automatically from one machine to another without any user intervention. Just one vulnerable, unsecured device can provide a gateway to the worm, which rapidly spreads and proliferates to infect every computer in a network.
Recent news reports have pointed to the fact that some essential “cyber hygiene” measures have not been implemented to protect NHS records, with accusations that the government failed to keep up an annual £5.5m protection deal with Microsoft (last renewed in 2014) and that individual Trusts are not only using obsolete systems, but have failed to patch their computers with the latest security updates.
Cyber crime specialist and barrister Robert Edwards says that in order to avoid further attacks, the NHS must rely on “the enforcement of robust security countermeasures combined with education within the workforce.”But while the NHS continues to run on old and less reliable systems (including, in some cases, the sixteen-year-old Windows XP operating system) there remains a high probability that Trusts will fall victim to further hacks in the coming months and years. As the pressure to find a secure solution mounts, it is almost inevitable that NHS administrators will need to look outside their own departments for help.
Pushing back the cyber pirates
If you are an NHS manager tasked with protecting files from future cyber attacks, we can help. At Storetec we use the latest, ultra-secure technology to digitise and host your vital documents.
This means we can not only scan items such as patient records, Lloyd George notes, healthcare commissioning records and drug and medication documentation, we can also host those documents on our own cloud-based system (known as FreeDocs), which allows users to track, access and share files 24/7 from anywhere in the world. That means that files will be safely stored in encrypted form - protected by your own secure passwords - and the cyber pirates will be forced to sail on in search of a more vulnerable target.
To find out how Storetec’s cloud storage could help your protect vital records and files, contact our expert team today!