Covid-19 has been a serious enough pandemic already, however concerns are being raised about other issues that could come into play regarding cyber security and the pandemic. Security has always been a top priority for healthcare systems like the NHS and the WannaCry cyber attack in May of 2017 showed just how serious an attack can be on our healthcare system.
Over the past few months a few stories have already emerged with incidents of vaccine manufacturers and providers being specifically targeted in attacks. However a serious case in Ireland has highlighted that this is becoming a serious issue and could have a detrimental effect on our current vaccine roll out program.
Healthcare in Ireland was severely disrupted in May of this year as cyber criminals managed to sneak a malicious spreadsheet into the inboxes of healthcare workers. When this spreadsheet was opened it planted ransomware on the machine. Over a period of 2 months the attackers worked through the network and then deployed their ransomware taking down all machines that were on the network and demanded payment. This meant that doctors, receptionists, anyone who was on the network had to revert to using pen and paper for communication and even for things such as test results. This leads to a large increased chance of mistakes being made, with thousands of people’s healthcare at stake. This attack proved to be massive.
Cyber security researchers ran an audit on the systems and the attack itself, and found that there were multiple alarm bells that indicated an attack was happening, yet nothing was done to even investigate what was going on. If the attack had been properly spotted within the two months the attackers were in the system and the deployment of the attack the story would be different. However it wasn’t and there are a lot of concerns emerging as to why the attackers managed to spend two months in the network unnoticed. This exact attack shows that organisations like the NHS are not safe from cyber-attacks and the results could be detrimental.
How could this have been worse?
When thinking about how this attack could have been worse, we need to think about the greater scheme of things. With the NHS spanning over Ireland, Scotland, Wales and England this attack could have been much more widespread over the UK. If this attack had targeted vaccine records and systems like track and trace it could potentially bring the vaccine rollout program to a halt across the entirety of the UK. Not only that but with the possibility of track and trace being taken down, it could mean that people who have been in close contact with someone who has tested positive could not have been notified, possibly leading to more infections.
On top of this if an attack at scale was to hit the records of those who had been vaccinated and either deleted in a ransomware attack or released in a data breach, it could be a serious national incident for the UK Government and for the NHS. It has been proven time and time again that the NHS is massively susceptible to a cyber attack and with current tensions high and hospitals being busy this could have a massive effect on the country.
What can be done?
The main thing that can be done to prevent things like this happening in the future is investment. Ensuring that the computer systems within the NHS are all using modern technology and are up to date is essential. Any kind of weak point on the network could lead to an attack so all points of approach need to be closed. Staff education is also something that needs to be brought in, ensuring that people know how to spot malicious emails and what to do if they receive such an email. More and more attacks are happening because of user mistakes and hackers using social engineering instead of remote attacks. By investing in teams of Cyber Security engineers and taking even the basic steps towards security can all help protect this wonderful system from being attacked and taken down in the future.