This blog is going to focus on an incident last week that
provides an example of some things that I have talked about in previous blogs.
A ransomware attack, “WannaCry”, hit Friday afternoon and spread rapidly. One
of the groups affected by this was the National Health Service organizations in
the UK. The ransomware is malware that affects a vulnerability in Windows XP or
Windows Server 2003. Both of these are operating systems that Microsoft had
stopped supporting. So what exactly does this do?
WannaCry gets passed through emails or fake ads. It creates
encrypted copies of files on the victim's computer, and deletes the originals,
leaving the victim with only the encrypted copies, which cannot be accessed
without a decryption key (Curtis, 2017) . It then demands a ransom, which has
been small thus far, in the $300-$600 range. This caused major issues with the
NHS.
Barts health NHS Trust In London had to cancel routine
appointments and ambulances were diverted to other hospitals. It also affected
their referral system. It recommends patients for treatment with specialists
and cancels the treatment if the referral isn’t made within two weeks (Veselinovic & Hilary, 2017) . Organizations were
not able to access any health records. In fact Dr Emma Fardon told the BBC that
they couldn’t tell what drugs patients were on and what allergies they had (Health, 2017) . So why did this
happen and could it have been prevented?
Microsoft knew of the vulnerability and actually released a
patch for it in March (Graham, 2017) . Unfortunately, many people do not
regularly update their software as recommended. For example, whenever I turn on
my computer the first thing I do is update my Anti-virus software, and then
check for updates from Microsoft. Thus, my system was protected from this
exploit. Another issue that affected the hospitals however was that many of
them are using outdated software; software that Microsoft no longer updates.
Microsoft, however is pushing out updates to older systems to prevent spreading
to older systems (Johnson, 2017) . This issue in part addresses my
previous blog, the fact that the health community doesn’t have adequate
training and resources to operate securely. The most important thing to prevent
this was to update the software in the first place. This, however, requires
funding since systems must be maintained including switching from Windows XP or
2003 to the current OS, Microsoft 10.
What this incident shows is that governments need to invest
more resources into healthcare, in particular, with regards to the IT aspect.
Look at how much damage this incident has created, rerouting ambulances,
preventing access to patients’ records, and preventing referrals. All of these
impacts can cause people their lives.
References
Curtis, S. (2017, May 15). Who is behind the
WannaCry ransomware attack crippling NHS hospital trusts across the UK?
Retrieved from Mirror:
http://www.mirror.co.uk/tech/who-behind-nhs-cyber-ransomware-10410865
Graham, C. (2017, May 13). NHS cyber attack:
Everything you need to know about 'biggest ransomware' offensice in history.
Retrieved from The Telegraph: http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/
Health. (2017, May 13). NHS cyber-attack: GPs and
hospitals hit by ransomware. Retrieved from BBC:
http://www.bbc.com/news/health-39899646
Johnson, A. (2017, May 15). 'WannaCry' Malware
Attack Could Just Be Getting Started: Experts. Retrieved from NBC News:
http://www.nbcnews.com/news/us-news/blockbuster-wannacry-malware-could-just-be-getting-started-experts-n759356
Veselinovic, M., & Hilary, M. (2017, May 12). UK
prime minister: Ransomware attack has gone global. Retrieved from CNN:
http://www.cnn.com/2017/05/12/health/uk-nhs-cyber-attack/index.html
No comments:
Post a Comment