Government and security industry respond to WannaCry ransomware attack affecting 200,000-plus victims including NHS Trusts
On Friday 12 May, the National Health Service (NHS) was among those organisations hit by IT failures resulting from the significant WannaCry cyber attack, with NHS Trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire all affected. Some GP surgeries were forced to shut down their phone and IT systems while A&E Departments informed patients not to attend unless it was for a real emergency. In a statement, NHS Digital said that “a number of NHS organisations” were affected by the ransomware attack, but also stated the WannaCry ransomware isn’t specifically targeted at the NHS. In fact, reports suggest that it has affected organisations from across a range of sectors and around the globe.
There’s no evidence to suggest that patient data was accessed. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected. The focus is on helping organisations to manage this incident swiftly and decisively.
Ransomware attacks such as this are becoming more and more commonplace with public sector organisations arguably receiving an unfair proportion of them due to a perceived – or perhaps even an actual – weakness in their cyber defences. With healthcare providers across the country having to cancel services, it’s clear that this current episode has been an alarming situation for the NHS.
“It doesn’t matter where the threat comes from,” said David Thorp, executive director of the Business Continuity Institute (BCI). “Organisations must have plans in place to deal with the consequences of such disruptive events. By putting plans in place to deal with such events, it means that organisations are better prepared to manage through them, lessen the potential impact and still provide an appropriate level of service for their customers.”