
You’ve Been Hacked!

15 May 2017


by Dr Sara Bird


What would you do if you arrived at work today and found you could not access the computer systems? No access to medical records, test results, appointments, prescriptions or emails…

This was the reality for a number of UK hospitals and general practices last week when malicious software encrypted the contents of many National Health Service (NHS) computers. Infected computers displayed a pop-up message demanding payment of a ransom in Bitcoins within three days to access their computer and retrieve files. Failure to pay would see the ransom escalated, followed by automatic deletion of the files.

The attack appeared to exploit a weakness in the software which had been remedied by a software patch earlier this year, but the patch may not have been installed across NHS computers. Malicious software can also be introduced by phishing – where an email attachment or a web link, when opened, downloads the ransomware.

Ransomware in healthcare is increasing

A 2016 IBM survey found 70% of business executives with experience of ransomware had paid to get their data back, including a US hospital which paid attackers 40 Bitcoins (then US $17,000).

An increasing number of doctors and practices are contacting MDA National to discuss data intrusions into their practice computer systems.

How can you protect your computer systems from ransomware?

Useful guidance is available from the RACGP’s Computer and Information Security Standards and the Federal Attorney General’s Department’s CERT.

Some of the recommended strategies include the following:

  • Ensure applications and operating systems are kept up to date with the latest software patches.
  • Regularly back up files, maintain an off-line copy and test your backups – as online drives and network shares are encrypted by the malware, any connected backups will be rendered unusable.
  • Ensure computer systems are running antivirus software with the latest antivirus signatures.
  • Consider implementing software restriction policies to hinder the ability of malicious software to execute successfully.
  • Monitor intrusion detection and/or prevention systems, user logs and server logs for suspicious behaviour.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters. This blog is based on an actual event but details have been changed to protect the privacy of those involved.

 
