You’ve Been Hacked!

What would you do if you arrived at work today and found you could not access the computer systems? No access to medical records, test results, appointments, prescriptions or emails…

This was the reality for a number of UK hospitals and general practices last week when malicious software encrypted the contents of many National Health Service (NHS) computers. Infected computers displayed a pop-up message demanding payment of a ransom in Bitcoins within three days to access their computer and retrieve files. Failure to pay would see the ransom escalated, followed by automatic deletion of the files.

The attack appeared to exploit a weakness in the software which had been remedied by a software patch earlier this year, but may not have been installed across NHS computers. Malicious software can also be introduced by phishing –  where an email attachment or a web link, when opened, downloads the ransomware.

Ransomware in healthcare is increasing

A 2016 IBM survey found 70% of business executives with experience of ransomware had paid to get their data back, including a US hospital which paid attackers 40 Bitcoins (then US $17,000).

An increasing number of doctors and practices are contacting MDA National to discuss data intrusions into their practice computer systems.

How can you protect your computer systems from ransomware?

Useful guidance is available from the RACGP’s Computer and Information Security Standards and the Federal Attorney General’s Department’s CERT.

Some of the recommended strategies include the following:

• Ensure applications and operating systems are kept up to date with the latest software patches.
• Regularly back-up files, maintain an off-line copy and test your backups – as online drives and network shares are encrypted by the malware, any connected backups will be rendered unusable.
• Ensure computer systems are running antivirus software with the latest antivirus signatures.
• Consider implementing software restriction policies to hinder the ability of malicious software to execute successfully.
• Monitor intrusion detection and/or prevention systems, user logs and server logs for suspicious behaviour.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters. This blog is based on an actual event but details have been changed to protect the privacy of those involved.