Some industry reaction to the news that the NHS has been hacked once again. According to the Mirror tabloid, this is affecting operations and blood transfusions in some London hospitals. Lives are at stake, not just data, and much more needs to be done to verify the ID of people using NHS systems, along with in-depth training in cyber security for many people in the public sector or associated contractors.
TOKIO MARINE
Paul Gooch, Head of Large Account Cyber, Tokio Marine Kiln:
Unfortunately this attack correlates with our claims statistics which show that ransomware attacks are once again on the rise and that the healthcare sector continues to be heavily targeted by ransomware crime groups.
Threat actors have added leverage when looking to extort healthcare organisations as:
- These organisations hold sensitive patient data – criminals threaten to ‘leak’ this data unless extortion payments are made
- The operational impact of a computer system outage in the healthcare sector is incredibly high – as we have seen with this most recent attack on Synnovis, the NHS trusts impacted have declared it to be a ‘critical incident’ due to the impact on test results and medical procedures
The extent and duration of the impact of this attack is yet to be seen, but will likely be determined by what type of data has been compromised, as well as the back-up and restoration procedures Synnovis have in place. Sadly, the somewhat cliché phrase that it’s “not if, but when” an organisation will fall victim to a cyber-attack is one which we would advise companies to incorporate into their approach to cyber security, and so a focus on recovery is just as important as efforts made to prevent the attack in the first place.
MCGILL AND PARTNERS
Tom Dryden, Partner – Financial Lines and Cyber at McGill and Partners commented:
“This attack on Synnovis and the resultant impact on various NHS trusts is the latest in a growing trend of attacks on critical infrastructure which is vulnerable because of the nature of its criticality as a service making it susceptible to an extortion attack, and because typically speaking security maturity is lower than other sectors. The UK’s NCSC came out in November warning of the significant evolution in cyber threat to UK critical infrastructure, including healthcare facilities, due to the geopolitical environment. It’s too early to say if this was a geopolitically motivated attack or just an opportunistic one but reports are that the Russian criminal group Qilin are behind the attack.
“Cyber insurance is still low in the UK, 15-20%, lower still for SME businesses, and while it doesn’t of course prevent an attack and is just one small element to complement an overall cyber security strategy, it does help significantly with response and recovery. This is a stark reminder of the potential for the impact of a cyber attack to spill over to far more serious consequences than just financial harm, such as with the 2020 ransomware attack on a Düsseldorf hospital.”
