More than one in three NHS trusts in Britain have been the subject of a so-called 'ransomware' attack in the last 18 months, according to new data.

A freedom of information (FOI) request by IT service provider RES found that 88 NHS trusts out of 260 across England, Scotland and Wales had experienced a ransomware attack during the period. More than half (57%) of NHS trusts in Scotland were attacked by ransomware, RES said.

Ransomware is a type of cyber attack in which hackers install malicious software onto computer systems that prevents organisations from carrying out everyday operations or accessing data or other assets. Organisations are prompted to make a payment to the hackers to bring about an end to the attack.

Jason Allaway, vice president of UK & Ireland at RES, said health bodies are "a prime target for attackers due to the nature of the data they hold".

Allaway said: "Rather than the purely monetary value of data from many businesses and other sectors, healthcare has long been a top target for ransomware attacks as access to the data they hold can literally be the difference between life or death. Hackers know the hospital will have to pay or risk patients’ wellbeing."

Cyber risk specialist Philip Kemp of Pinsent Masons, the law firm behind Out-Law.com, said late last year that new informal guidance to businesses on preventing ransomware attacks, issued at the time by the UK's Information Commissioner's Office (ICO), should serve as a catalyst for organisations to consider how they might best mitigate the increasing risk of ransomware attacks.

Kemp said: "The ICO's guidance offers practical tips that provide a valuable starting point for any organisation turning to the risks of ransomware. One of the key messages to take away from that guidance is the risk that even if a ransomware payment is made, decryption may not be successful, which can mean that back-ups take on fundamental importance for business continuity."

"Sophisticated ransomware attacks are capable of encrypting not only a single computer or server, but also any networked devices. Where a back-up is stored on a networked device that back-up may also be vulnerable to encryption. In a worst case scenario ransomware attackers could not only compromise an entire business network and lock staff out of accessing data, but also lock out any back-up stored on a network device," he said.

Kemp said there are simple steps that organisations can take to mitigate the impact of such an attack, such as "segmenting networks or limiting user privileges to ensure that certain user accounts are not capable of running executable files on networked devices".

"It is also important that, where possible, businesses operate distinct, offline, offsite back-up systems to their live environment," he said. "This can ensure that even if the main system is compromised in a ransomware attack, the business can restore access operations and data from a back-up untouched by any ransomware."