Isis hack on NHS shows the risk of cyber attack is omnipresent

Last week, it was reported that Isis-inspired hackers carried out an attack on six NHS websites and posted brutal images of violence from the war in Syria.

Complacency is not an option when the next cyber-attack is just around the corner, writes Jon Hibbs
Complacency is not an option when the next cyber-attack is just around the corner, writes Jon Hibbs

Doctors tell us that getting a jab is the best protection against the ‘flu, even though the effectiveness of the latest vaccine is based on last winter’s strain of virus.

In this respect, health is like online security: a new mutation will always expose a gap in your defences. Our trust was recently the victim of a computer virus that had never been seen before.


Also see: Cyber security: why comms teams can't afford to bury their head in the sand

Government could recruit specialists with autism to guard against reputational damage of cyber attacks


We haven’t seen it since, either: within hours of the outbreak our anti-virus protection software supplier had quarantined the virus, not only for us but for all its global commercial clients too.

Was this a deliberate cyber-attack? No.

Despite loose talk in the trade about what this particular Trojan malware might do, it was not ransomware, there was no blackmail threat, our computer systems were not hacked, and no patient data was lost, stolen or affected.

Nevertheless, we took the virus extremely seriously, and checked every single clinical system, application and PC to make sure no network files were infected.

We won't ever know precisely what damage the virus could have done, because the quarantining is so effective you can't see what’s behind it.

However, the episode was a salutary reminder of the risks of opening email attachments or weblinks from unknown sources.

 

when I see reports that Isis hacked NHS websites to broadcast its vile propaganda, my first reaction is that, given the ageing nature of our IT infrastructure, the chances are these videos wouldn’t play on most of our computers.

Jon Hibbs, director of communications and engagement, Barts Health NHS Trust


So when I see reports that Isis hacked NHS websites to broadcast its vile propaganda, my first reaction is that, given the ageing nature of our IT infrastructure, the chances are these videos wouldn’t play on most of our computers.

My second thought is, what’s the point of hacking into the NHS, other than to demonstrate that they can cause disruption?

The terrorists get an easy headline, but there’s no evidence they are after medical records, never mind that these could be compromised.

Our trust doesn’t actually hold patient data on our servers anyway.

Our clinical systems are hosted by Cerner, whose top security data centres are used by hospitals all over the world.

Our patients should have no cause for concern.

Is the NHS more vulnerable than other organisations? Sure, we have a lot of employees, so we are at the mercy of human behaviour.

There is a proportionately higher risk that someone will be tempted to surf the web at work and find something they shouldn’t - and a commensurate challenge to educate staff about appropriate online behaviour.

Yet we also have a huge number of customers, deal with a subject that affects everyone, and enjoy a higher public profile than many other institutions.

In that sense, we will always be an easy target for those who want to make a point. That’s another reason why we can’t afford to be complacent.

We will always err on the side of caution to reduce risks, even if we would rather invest the time, effort and money on what brings us into the NHS in the first place, improving patient care.

Jon Hibbs is the director of communications and engagement at Barts Health NHS Trust


• Click here to subscribe to the new FREE public sector bulletin to receive dedicated public sector news, features and comment straight to your inbox. 

If you wish to submit a news, comment, case study or analysis idea for the new public sector bulletin, please email Ian.Griggs@haymarket.com

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in

Would you like to post a comment?

Please Sign in or register.