It has been a few weeks since a major National Health Service (NHS) software supplier was hit with a ransomware attack, as The Guardian has reported. Parts of the health sector are dealing with the resulting disruption, especially to medical paperwork and patient care. A BBC News report estimates that it may take the service another 12 weeks to recover.
According to Itay Bochner, Director of Malware Analysis Solutions at OPSWAT, a critical infrastructure protection (CIP) cybersecurity solutions provider, this situation is quickly becoming one of the biggest cyberattacks to ever happen because of the mass chaos it is causing.
Bochner explains to Digital Journal that the chaos stems from the scale of the service and the deep ramifications of the disruption permeating British society, noting: “The UK NHS ransomware attack is turning into one of the biggest cyberattacks ever to happen in healthcare. Twenty days or more have passed since the health services’ cloud provider Advanced was attacked by ransomware with a demand to pay $10 million.”
He adds: “Since then, providers and patients have had no access to medical records – causing chaos and broader societal impact. Patients can’t get their medicine, physiatrists can’t add reports to the system and provide their professional opinion in court, and only last week was the emergency dispatch number 111 restored.”
Fixing an attack of this scale is not straightforward, as Bochner explains: “Advanced estimated it could take a few more weeks before they see a full restoration of services, leaving many questions about why recovery is taking so long and what could’ve been in place prior to the attack to reduce recovery time.”
In fact, assessing the time for recovery is fraught with complexity, as Bochner outlines: “While we can only speculate at this time, the lengthy recovery time could either be due to Advanced’s production environment and the last backup is not up to date. More likely, it could be because the backup is also infected with the malware, and recovering it will not help, forcing them to go way back or build it again.”
As an alternative, Bochner states: “Another possibility is that they backed everything but never tried to recover it, and now in a time of need it simply doesn’t work. If this is the case, doing routine backups and recovery could have helped in a situation like this and restored these critical services faster.”
Bochner warns that other areas of critical public sector infrastructure could be vulnerable to any future attack: “While we’ve seen so many attacks on critical infrastructure, this may be an example of how the effects of cyberattacks on healthcare systems could be potentially more dangerous (and deadly) than on any other critical industries. Monetization of the attack is more likely given that human lives are at stake and the general population relies on healthcare and emergency services on a daily basis.”