NHS Cyberattack: 3 steps to avoiding large scale ransomware disruption

Months on from the ransomware attack on NHS IT systems, disruption is still being reported. The incident is having a knock-on effect on the quality of care that NHS trusts can provide, with patient notes stored on paper files, and unavailable patient lists leading to missed appointments or people getting seen twice over the course of the day. While there may not be any evidence that sensitive data has been compromised, this disruption is likely to continue for weeks to come and could therefore ultimately pose a risk to life.   

Once an organisation has fallen victim to a ransomware attack, it becomes a salvage mission, and it is easy to retrospectively wish for more stringent cybersecurity controls. In other words, it is far simpler and more cost effective to proactively protect against a ransomware attack than it is to recover after a serious breach. To avoid the kind of large-scale disruption seen by the NHS, the best solution is to ensure that any threats are spotted and mitigated before they can access systems or infiltrate data. The key steps to making this possible include reducing the software supply chain risk, embracing a Zero Trust framework, and working with external security experts who can deliver a 24/7 Security Operations Centre (SOC). 

Be aware of the software supply chain risk 

Cybercriminals are becoming increasingly sophisticated and targeted. They’ve learned that leveraging back-door entry points through smaller, less resourced points of the software supply chain is an effective way to exploit small businesses and gain access to larger ones – in this case, one of the biggest public sector bodies in the UK. We’ve also seen a proliferation of software supply chain attacks in recent years, from SolarWinds (perhaps one of the largest ever data breaches) to WannaCry (another attack that had severe consequences for the NHS). 

To reduce the risk of falling victim to a software supply chain attack, businesses should look to recent advice from the NCSC (National Cyber Security Centre). The guidance details why organisations need to update software and prioritise the patching of known exploited vulnerabilities. The warning feels particularly relevant to the healthcare industry, as the 2017 WannaCry ransomware attack was able to cause extensive damage to NHS trusts because Windows machines hadn’t been patched with the latest updates from Microsoft. Regular patching is therefore a critical way to bolster a cybersecurity and supply chain strategy, along with contractually agreeing liability with third parties in the case of a breach and ensuring that any partner companies comply with strict cyber hygiene requirements.   

Employ a Zero Trust Architecture  

Companies are weakening their cybersecurity posture by allowing their workforce – and sometimes even their supply chain – unregulated freedom within their networks. A Zero Trust approach assumes every asset, device or user is a potential threat. It eradicates implicit trust and ensures malicious actors are not able to access a network by hacking a privileged user’s account. This ultimately reduces vulnerabilities, minimises the risk of large-scale disruption after a breach and creates a stronger security posture across the company.

Outsource your SOC 

If a ransomware operator does breach a Zero Trust architecture and starts moving laterally across a network, early detection is also key. Spotting a breach early means making sure that containment and mitigation processes can begin quickly for everyone affected. If we are ever to overcome the threat of ransomware, enterprises must deploy a number of proactive threat detection processes. This includes 24/7 network monitoring and a SOC that can identify and react to an attack before data is compromised. By working with a certified security partner to outsource this SOC, organisations benefit from access to greater expertise and resources, drawing on the aggregate value of cyber professionals with extensive knowledge of the threatscape.

Get in touch to learn more about DigitalXRAID’s SOC services. 
