As widely reported, an international ransomware attack has hit computer systems in 150 countries, affecting hundreds of companies, businesses and specifically one of the most important sectors in the UK, healthcare. The malware that was used is called WannaCry, a very fitting name for all the feelings of despair that it undoubtedly evokes in its victims. The hackers demanded payment in Bitcoin money in return for access to patients' medical records and other critical information. It is believed that the attackers have leveraged a stolen NSA malware product that was initially created to be used in surveillance to spy on terrorists.
In the UK, almost 50 National Healthcare System (NHS) trusts were breached and their data was held hostage. Victims who were prepared with backups were able to easily reset their systems and get back to work, but not everyone was this fortunate.
Takeaway #1: Keep full backups of all systems.
Many hospitals were forced to cease all operations simply because they could no longer access test results, doctor appointments, and personal health records (PHR). Patients who were preparing to undergo surgery had their long-awaited appointments cancelled. All infected companies travelled back in time after being forced to revert to pen and paper, but thankfully there have been no highly detrimental effects. Fortunately, the NHS has said that as of yet, there has been no indication that the malware has compromised PHRs.
The reason why this malware was able to easily overpower many systems is due to the lack of adherence to the warnings of security experts and government officials. UK Health Secretary, Jeremy Hunt had previously advised hospitals and healthcare providers to upgrade and patch their systems.
Takeaway #2: Keep all systems using updated and patched software.
Many healthcare organisations did not heed his warnings and continued to use Windows XP, a version which is extremely vulnerable to attack, since it is no longer supported by Microsoft and cannot be updated with protective software patches.
However, older versions of Microsoft were not the only ones that were infected. About three months prior to the attack, Microsoft released an update to patch the vulnerabilities that allow a malware like WannaCry to infect computer systems. Consequently, anyone who did not upgrade their software is also vulnerable. The malware was able to spread quickly through the systems. This is because it is fused with a worm that helps it replicate and extend to computers that share a network with already infected devices.
Thankfully, infected organisations are beginning to recover and the virus has been contained after a cyber security researcher unknowingly saved the day. After noticing an anomaly in the malware's activities, 22-year old Marcus Hutchins, whose screen name is MalwareTech, bought the domain that the malware was repeatedly trying to access. This successfully activated its kill switch and temporarily prevented it from spreading.
Although the NHS is at fault for its unsatisfactory levels of security, it is quite clear that its incident response plan (IRP) was implemented in an efficient manner. The UK Home Secretary, Amber Rudd, said that she would like to thank staff members in the NHS who have worked hard in allowing hospitals and surgeries to go back to running smoothly. She also said that 97 percent of NHS trusts and healthcare providers are back to normal because of the resilience that was previously implemented. The fact that the NHS was able to recover quickly is of little comfort to patients if health care providers do not learn from this attack, take the initiative, and secure their systems.
But Hutchins warns that the attack is not over yet because it is quite easy for the hackers to re-adjust the code and launch another series of attacks. Although he predicted that another attack would hit by Monday, the number of victim organisations has not increased significantly. That is with the exception of organisations who returned to work after the weekend to find their systems down.
Takeaway #3: Organisations and individuals need to be prepared for what will come, train their personnel regarding security issues like malware, and learn from what has already happened.