New research from SentinelOne has revealed that 30% of NHS Trusts have suffered a ransomware attack, potentially placing patient data and lives at risk.
In the Freedom of Information study that the firm made to 129 NHS Trusts, responses were received from 94 whilst three refused to answer, stating that their response could harm their commercial interests. One Trust – Imperial College Healthcare NHS Trust – admitting to suffering an attack 19 times in just 12 months.
Despite all but two Trusts using antivirus on their endpoint devices, SentinelOne pointed to failings in outdated AV software as a significant problem when it comes to protecting patient records from malware. An example was Leeds Teaching Hospital which, despite installing a McAfee solution, still suffered five attacks in the past year. Of the 15 Trusts who were able to provide further information about the origins of the breaches, 87% said that the attacker gained access through a networked NHS device, with 80% targeted by phishing.
Perhaps most interestingly, not a single NHS Trust reported paying a ransom or informed law enforcement of the attacks, opting to deal with them internally.
“These results are far from surprising,” said Tony Rowan, chief security consultant at SentinelOne. “Public sector organizations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware and a new more dynamic approach to endpoint protection is needed.”
These were sentiments echoed by Will Culbert, director of solutions engineering at Bomgar, who told Infosecurity that whilst there isn’t a silver bullet for this threat, the NHS and companies alike need to make sensible provisions across educating staff through to bolstering the cybersecurity technologies they use.
“Firstly, companies need to start at an IT infrastructure level, using network segregation methods that ensure that individuals aren’t connecting to sensitive networks all the time,” he added. “Typically, VPNs on machines auto-connect to the NHS networks, which is a great route for attackers to use as a path onto the NHS backbone. To enforce segregation, perhaps the NHS should rethink the VPN ‘always connected’ strategy.
“Moving to a personnel level, there needs to be multiple verification and access management tools at play to ensure only authorized individuals have access to the appropriate network assets in correspondence to their role. Finally, simple measures such as employee education and email scanning tools are essential to combating the ransomware threat.”