19:03 GMT +313 December 2019
Listen Live
    Cybercrime

    Cyber Blackmailers Targeting UK National Health Service Trusts

    © Photo : Pixabay
    Europe
    Get short URL
    0 45
    Subscribe

    Cybercriminals are stealing patient data from NHS Trusts and then issuing ransom demands to extort money from hospitals. The alarming revelation comes as the UK's new National Cyber Security Centre (NCSC) became operational last week.

    At least 28 NHS Trusts across England have fallen victim to cybercriminals attempting to blackmail them for money in the past 12 months. Hackers have been able to access and steal large amounts of private patient data, and then issue ransom demands. That's according to data released through Freedom of Information requests by the i newspaper.

    NHS Digital, the body which oversees cybersecurity for the UK's health service, admitted there has been an increase in attacks but told the i that no ransom was paid and claims that no data was lost. It said patient records had not been affected.

    However, Ollie Whitehouse, technical director of NCC Group, the Internet security company which obtained the data, told the i that NHS Trusts remain vulnerable to further data breaches.

    "Ransomware has become the bottom line of cybercrime — if hackers break into a system and can't find any other way to monetize what they find, they encrypt the data and demand a ransom.

    "We have seen a 400% increase in these attacks," Mr. Whitehouse said.

    "The health service is by no means alone in facing this kind of attack. But NHS trusts are being increasingly targeted and any loss of patient data would be a nightmare scenario. Like everyone else, they need to be applying robust controls," he added.

    Ransomware, is amalicious software virus that works by implanting a piece of software, often sent disguised in an email, which locks the user out of their system or files. The hackers then demand a ransom, in a practice that generates millions of pounds a year for cybercriminals.

    The agency tasked with trying to help key UK institutions develop these robust controls, is the UK's new National Cyber Security Centre (NCSC), which recently opened last week. The public facing wing of the UK's intelligence agency, GCHQ, one of its key priorities is to maintain the integrity of large scale systems and networks across the UK. However, that will be no easy task.

    Last month, the director general of cybersecurity for GCHQ, Ciaran Martin, admitted that current measures to protect the UK from cyber crime are "not yet good enough."

    "Far too many of these basic attacks are getting through. And they are doing far too much damage. They're damaging our major institutions," he added. 

    The NCSC's new lead on health, Alison Whitney, also acknowledged that the vast scale and complexity of the NHS makes it particularly at risk. Speaking at the UK Health Show in London earlier this month, Whitney said that a new kind of cyberdefense model is needed.

    "There are 1.2 million users, and somewhere between 20,000 and 40,000 organisations… so I knew that the kind of models and approaches we used for central government just weren't going to work. We are going to be drawing some research into anonymization and hoping we can turn that into practical guidance," Mr. Whitney said.

    The newly revealed data breaches is the latest blow this year for the NHS. Hospital bosses are warning that the NHS has reached a ‘tipping point' as it struggles to maintain good standards for patients, due to lack of funds and simultaneous increase in demand.

    And concerns over the NHS aren't just coming from the top. An Ipsos Mori poll this month showed that the NHS has replaced immigration and Brexit as a key issue facing Britain for most voters.

    40% mentioned the health service, hospitals or healthcare as a concern to them: more than cited any other issue.

    It's not yet clear what strategies the NCSC has in mind to better protect the NHS and patient's confidential data.

    In the meantime, European police agency, Europol, has issued a warning about ransomware, calling it the top form of online theft.

    Related:

    More Than Half of UK Businesses Suffer From Ransomware Cyberattacks
    Kaspersky Lab Defeats Ransomware Kidnappers With Software Giveaway
    Cybercriminals Hit German Computers Using New ‘Petya’ Ransomware
    UK Security Services Plan to Build 'Great Firewall' to Counter Cyber Threats
    Tags:
    ransom, crime, private data, cyberattack, cybersecurity, hacking, British Government Communications Headquarters (GCHQ), National Health Service (NHS), Great Britain, United Kingdom
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik