
Three takeaways from the latest attack on the NHS

Written by Chloe Schofield | Jun 19, 2024 4:03:47 PM

Another cyber attack has hit the NHS. On Tuesday, 4th June, news emerged of a ransomware attack on major London hospitals the previous day.

Since then, the NHS has launched an urgent appeal for blood donors as the attack has impacted hospitals’ ability to match blood to patients (if you have type O blood, you can find out about donating here).  

This is now one of the highest-profile attacks on the NHS since the devastating WannaCry incident of 2017.

What we know so far

First, we have yet to learn the exact method of attack. It would be irresponsible to speculate about this, but we do know a lot.

The attack has been attributed to a group called Qilin. They have no known location or political allegiance, but we know that they speak Russian and offer ransomware via the dark web.

They initiated a ransomware attack on Synnovis, a private provider of blood analysis to major London hospital Trusts.

1. Cybercrime has real victims

The language of cybersecurity can sometimes be impersonal. But when discussing attack vectors, breaches and malware, we should never forget that the victims are not IT systems – they are people.

This attack is a devastating reminder of that fact, which occasionally gets lost in the tech-speak. Delays in operations and blood transfusions will cause real anxiety for patients and add to the stresses that NHS workers face. It has already been confirmed that these problems could take months to resolve.

Whether it's the public or private sector, the stakes are always high in cybersecurity. Every successful cyber attack has human victims.

2. Suppliers and service providers are attack vectors too

This attack has hurt the NHS, but the direct target was a third-party supplier. This should be sobering to anybody with a stake in protecting their IT estate.

Whether public or private sector, organisations are not closed-off islands. They are interconnected with third-party suppliers, service providers and contractors, any of whom could be targeted as a vulnerability.

It highlights the importance of choosing third-party partners with this in mind. If you provide services to other organisations, Cyber Essentials accreditation is a great way to certify that you take security seriously. CyberSmart is a fantastic way to achieve this, as is Cyber Essentials Plus.

3. Ransomware protection is obligatory

We may not know how Qilin infiltrated the Synnovis system, but we know they deployed ransomware. As in most ransomware attacks, this consisted of encrypting files and demanding a ransom to decrypt them.

Now, many effective methods exist to keep ransomware out of an IT system. But you can never rule out the possibility of attackers finding a way. What happens then?

When we exhibited at Infosecurity Europe, Imran Rai of Heimdal gave a superb presentation on exactly this question. He simulated a ransomware attack by running a command that encrypted a series of text files. He then ran the command again with Heimdal’s ransomware encryption protection feature switched on.

This automatically detected the attempted encryption, blocked it, raised an alert, and created a report showing the full life cycle of the attack and information on the ransomware strain itself. If undertaken manually, this kind of information can take weeks or months of investigation.

As it happens, Heimdal has a history of supporting the NHS. Find out more about Heimdal.

Act now, not later

Every organisation needs robust protection, and the channel is doing amazing things to help. We see it every day when working with our MSP partners.

As a cybersecurity distributor, Brigantia’s goal is to prevent attacks like this from happening. We select the best vendors, share our knowledge, and work with MSP partners nationwide to improve security standards.

Get in touch if you’d like to learn more.