NHS Receives Multiple Check Ins for Hackers

NHS Receives Multiple Check Ins for HackersNHS Receives Multiple Check Ins for Hackers

NHS Receives Multiple Check Ins for Hackers – Following last year’s Russian-led cybercrime hack on the Barts Health NHS Trust, it is to no one’s surprise that the National Health Service has seen multiple attempts to hack, steal and extort data for financial gain. What does come as a surprise is that other cybersecurity attacks have proven successful following the high-profile attack.

NHS Receives Multiple Check Ins for Hackers

2024 cybersecurity news saw a different group, named INC Ransom, publishing over three terabytes of stolen NHS data from an attack on the NHS Dumfries and Galloway hack. What followed was a ransomware attack against a key partner of the NHS, a company called Synnovis that manages blood transfusions and lab services for NHS hospitals in the London area. The attack was so severe that three NHS hospitals were completely crippled within hours.

A Glowing Advertisement

Despite the initial attack being a big red-faced affair for the NHS, the continued attacks have advertised the numerous cybersecurity challenges facing the service, which delivers care to over 68 million UK residents through 229 trusts across the nation. Adding a vast network of providers and computer systems only makes the NHS the richest and most comprehensive score of data for attackers than anywhere else.

The NHS is also one of the world’s largest employers with over 1.7 million workers, making it both an attractive target and a financially motivational attack point for extortion over disrupting their IT systems.

The health service was among the 2017 WannaCry attacks, where the earliest form of ransomware spread globally to disrupt services, including the closure of several emergency rooms. Out of all industries, healthcare is the most frequently targeted for ransomware gangs, thanks to general underfunding for priority cybersecurity UK and a low downtime tolerance.

Quick to Pay

As highlighted at every recent cybersecurity conference, outages of healthcare systems and data fuel immediacy for management to pay off any ransom to restore systems quickly, fueling the problem that the attack will always prove profitable and encourage further and more severe attempts. The Ransomware attack on Synnovis has had three attacks in 12 months but classed the most recent as an isolated incident. 

Synnovis, a life-critical element of the NHS supply chain, has showcased the difficulty in securing systems from multiple independent suppliers and the potential impact on operations. Hospitals hit by data ransoms can delay important or life-critical surgical procedures or operations, prevent blood transfusions, or hold up important treatments. NHS England has invested £338m in the past seven years to build its cybersecurity resilience, but the ageing IT infrastructure is still a pressing issue.

The Synnovis attack affected 4,913 acute outpatient appointments and postponed 1,391 operations with major data security concerns. The Russian-based hacking group Qilin demanded a ransom of £40m, a figure that the NHS balked at providing before they published the stolen data on the dark web.

A Profitable Target

The NHS is vulnerable, with a patient safety issue that the NHS has not taken active steps to protect itself. While huge amounts have gone into cybersecurity, the systems with no unified system are dangerously outdated. Many put it down to funding cuts over the last decade, leaving the older technology riddled with unpatched vulnerabilities that are wide-open entry points for attackers.

The continued attacks will be the talking points for upcoming cybersecurity events across the UK throughout the rest of 2024. Many men and women in cybersecurity are already identifying the key risks the NHS is juggling due to antiquated systems that play against the cybersecurity definition.

For more information on the NHS cybersecurity issue, search cybersecurity events near me and other cybersecurity conferences in the UK.

Pradeep: