"No silver bullet" when it comes to preventing ransomware attacks
Data from a freedom of information request (FOI) by NCC Group has found that 47% of NHS Trusts in England have been successfully targeted by ransomware in the past year.
Some 60 trusts responded to the FOI request, with 28 confirming that they had been the victim of ransomware. Just one trust said they had not been hit in the last year, but that they had been infected in the past, while 31 trusts withheld information citing patient confidentiality.
Ollie Whitehouse, technical director at NCC Group, said: “The damage that a successful ransomware attack can cause makes these findings not simply an issue for a trust’s IT team, but for its board of directors too. Paying the ransom – which isn’t something we would advise – can cost significant sums of money, yet losing patient data would be a nightmare scenario for an NHS Trust.”
Ransomware is type of malware that restricts access to systems in some way, often by encrypting files and then demanding a ransom to obtain access. Many ransomware attacks are delivered via phishing emails which are well crafted and disguised to resemble something non-malicious to trick the target. With Trusts holding a range of sensitive data on patients and employees, a piece of ransomware could cause serious disruption to services and ultimately impact patient care.
Whitehouse added: “There is no silver bullet or one single solution that can stop this type of attack, despite what many security companies may claim. Instead, we would recommend a multi-layered approach, applying robust controls such as regular patching of software, using up-to-date anti-virus and educating staff as to the risks posed by phishing and ransomware.”
Published date:  25 August 2016