Nearly half of all NHS Trusts in England have admitted to falling victim to cyber attacks by ransomware within the last year.
In data obtained by cyber security firm NCC Group via freedom of information requests, 47% of trusts claimed to have been infected by the malicious malware, which can encrypt files and then demand a ransom for their release. Sixty trusts in total responded to the FOI requests, with 31 withholding information on the grounds of patient confidentiality. Twenty-eight trusts confirmed that they had been hit by ransomware. Only one trust avoided an attack in the last year, but said they had been attacked in the past.
Due to the sensitive nature of data held by NHS Trusts, a ransomware attack could have major repercussions for hospital services and patient care.
Ollie Whitehouse, Technical Director at NCC Group, said: “The damage that a successful ransomware attack can cause makes these findings not simply an issue for a Trust’s IT team, but for its board of directors too.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
Paying the ransom – which isn’t something we would advise can cost significant sums of money, yet losing patient data would be a nightmare scenario for an NHS Trust.”
Whitehouse also claimed that the growing sophistication of ransomware meant that prevention is now the most important course of action: “In the past the ransomware writers were sometimes quite careless and there was often a way to retrieve files. However, they have improved their capabilities and data retrieval is usually no longer an option.”
Many ransomware attacks are delivered via well disguised phishing emails crafted to seem as legitimate and non-threatening as possible, such as parcel delivery notifications and fake customer complaints.
Date: August 26, 2016