On June 3, 2024, one of the worst ransonware attacks struck several hospitals in London such as Guy’s, St Thomas’, King’s College, and Evelina London Children’s Hospitals and significantly affected clinical services. The attack that was considered as one of the most severe in the British history was aimed at Synnovis pathology testing organization impacting 4,913 acute outpatient appointments and 1,391 operations were postponed. This a Russian based hacking group Qilin that has been linked to the Kremlin protected cyber activities asked for a £40 million ransom. When the NHS failed to cooperate they released a database of stolen data on the dark web to show the stranger dangers of cyber risks for healthcare structures.
Ciaran Martin, the managing director of the newly established NCSC of the United Kingdom was reportedly frowning at the primitive information technology in use in the NHS. Having spent £338 million on developing cybersecurity in the previous seven years by NHS England, Martin was still able to state that NHS still has vulnerability to further attacks. He stressed on the inevitable frequency of updates to old model systems, having a strategy for singe points of failure and raising the bar on simple security protocols like MFA.
A recent British Medical Association report showed that, for instance, a failure to update doctors’ information technology renders them spend 13. 5 million hours annually to complete, which is equivalent to the amount of time 8,000 full-time working medics would require. The front-line personnel have complained that the computers and systems that are 10 years old and operating on Windows 7 become unresponsive very often and present massive security threats.
Some of the concern expressed by Dr. Daniel Gardham from the Surrey Centre for Cyber Security include some old computers which have unpatched vulnerabilities that act as entry points for the attackers. I just want to point out that many of these attacks stem from an organisation’s laxity in matters pertaining security for instance use of weak passwords and computers left open.
Conclusion:
The most recent example of the latter is the ransomware attack on the NHS, which highlighted severely lacking elements in the organization’s cybersecurity strategy. Therefore, concrete, swift, and large-scale actions should be taken for modernizing the old and ill-protected networks, adopting fundamental security measures, and protecting the healthcare services against potential cyberattacks in the future.