You’ve Been Hacked!

15 May 2017

by Dr Sara Bird

What would you do if you arrived at work today and found you could not access the computer systems? No access to medical records, test results, appointments, prescriptions or emails…

This was the reality for a number of UK hospitals and general practices last week when malicious software encrypted the contents of many National Health Service (NHS) computers. Infected computers displayed a pop-up message demanding payment of a ransom in Bitcoins within three days to access their computer and retrieve files. Failure to pay would see the ransom escalated, followed by automatic deletion of the files.

The attack appeared to exploit a software weakness that had been remedied by a patch earlier this year, although the patch may not have been installed across NHS computers. Malicious software can also be introduced by phishing – where an email attachment or a web link, when opened, downloads the ransomware.

Ransomware in healthcare is increasing

A 2016 IBM survey found 70% of business executives with experience of ransomware had paid to get their data back, including a US hospital which paid attackers 40 Bitcoins (then US $17,000).

An increasing number of doctors and practices are contacting MDA National to discuss data intrusions into their practice computer systems.

How can you protect your computer systems from ransomware?

Useful guidance is available from the RACGP’s Computer and Information Security Standards and the Federal Attorney General’s Department’s CERT.

Some of the recommended strategies include the following:

  • Ensure applications and operating systems are kept up to date with the latest software patches.
  • Regularly back up files, maintain an off-line copy and test your backups – as online drives and network shares are encrypted by the malware, any connected backups will be rendered unusable.
  • Ensure computer systems are running antivirus software with the latest antivirus signatures.
  • Consider implementing software restriction policies to hinder the ability of malicious software to execute successfully.
  • Monitor intrusion detection and/or prevention systems, user logs and server logs for suspicious behaviour.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters. This blog is based on an actual event but details have been changed to protect the privacy of those involved.

 
