Reports are surfacing that the largest NHS hospital trust in England has been hit with ransomware, affecting thousands of sensitive files. Security experts from Varonis, NSFOCUS and Lastline commented below.
David Gibson, VP of Strategy and Market Development at Varonis:
“The reported ransomware attack on the largest NHS hospital trust in England affecting thousands of sensitive files is another canary-in-the-coal mine incident raising awareness for how much sensitive data is overexposed and at risk within organisations. When a user with excessive access to data across the network is infected with ransomware, organisations cannot ignore the crippling effects of hijacked data – in this case, potential disruptions for patient care.
“Barts Health NHS have said they are following a contingency plan by taking offline the infected systems; however, they should be thanking the ransomware criminals for shining a big, bright spotlight on the holes in their defences that allowed in the ransomware in the first place. If ransomware can temporarily halt productivity because it was spotted and stopped too far into the infection, only image what a malicious insider or external actor with co-opted credentials can do to your organisation and how long they can go undetected. Organisations impacted by ransomware also means they are vulnerable to other types of attacks.
“Organisations should monitor their IT infrastructure, specifically users and the files and emails they can access, and then perform regular attestations of access rights to reduce unnecessary exposure. Additionally, organisations should employ a user behaviour analytics solution to look for and stop anomalous behaviour that indicates ransomware or other dangerous breaches.”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS:
“In my predictions for 2017, (add link here) the increase of stealthy, modular ransomware capable of spreading laterally will be one of the primary cyberthreats organisations face in 2017 and beyond. Apparently, that prediction is proving to be true. Organisations will never be able to stop the dreaded “user click” that likely allowed the ransomware in to begin with. However, technology exists that can detect and defeat ransomware infections. The real question is, “Why do organisations continue to believe it will never happen to them, and why don’t they have the proper defences in place?” This is simply another testament that organisations are failing miserably in protecting themselves, their customers, and their data.”
.
Jamie Moles, Security Consultant at Malware Detection Firm Lastline:
“The National Health Service is one of the largest organisations in the United Kingdom. With an annual budget in the region of £116 billion, it is a massive target for ransomware actors and currently, it’s a poorly defended target.
“There are a number of trusts in deficit and spending on the NHS has dropped in real terms since the recession. Priorities for all NHS trusts are unsurprisingly targeted at medical needs over and above admin and operational needs, but of course this includes IT Security.
“While security remains a low priority for NHS management, they will increasingly fall victim to these kinds of threats, which wouldn’t be a serious problem except it has previously resulted in cancellation of treatments whilst the affected systems are investigated and cleaned up. Interestingly, the NHS takes a very strict and sanitary approach to dealing with these threats, shutting down almost all of its IT capabilities while it triages and treats the problem. Why would we expect any different from a medical organisation?
“Moving forward if we are to prevent these issues causing delays to treatment and potentially deaths, NHS trusts are going to have to invest in technology to deal with Ransomware and other targeted malware based threats. There are plenty of good technologies available to assist in this issue and they can be scaled effectively and cost efficiently to cope with massive organisations like the NHS. Unfortunately, Antivirus is not one of them.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.