How Ransomware Caused the NHS to Lose Millions in One Day

man in a suit with a floating hologram above his hand

One of the most common misconceptions people have about the government is that it’s formidable. Having a huge budget for public defense, the office should also have sufficient money and other critical resources to protect itself from the growing cybersecurity attacks.

In reality, no system is Alcatraz. That’s why solutions such as ServiceNow government cloud have the public sector in mind. These security programs allow governments to increase their layers of protection while still complying with strict regulations and laws.

Otherwise, many public institutions can suffer the same (or worse) fate as the NHS.

What Happened?

On Friday, May 12, 2017, the IT system of NHS in the UK suffered the effects of WannaCry, which encrypted files securely and would only decrypt them for a ransom of $300 or more, paid in Bitcoin.

In this particular case, the attackers demanded payment from the NHS to decrypt all affected machines within three days after infection. If they failed to do so, they would lose all files forever.

Amid the scramble for a solution, one thing is clear: one of the biggest public healthcare systems had just been hit by a ransomware attack.

What Is Ransomware?

Ransomware is a form of malware that blocks access to your computer system until you pay money demanded by the attacker. Once infected, your computer screen may display messages claiming that your computer has been blocked due to a police investigation or that you have violated the law.

Ransomware infections are typically delivered via phishing emails, bad adverts on websites, and malicious documents sent as attachments.

Over the years, many types of ransomware infections have occurred, including WannaCry. It encrypts files securely using AES-128 with a unique key per file. The malware then presents a message to the user instructing them on how they can pay the ransom.

It penetrated the NHS using an exploit called EternalBlue. It takes advantage of a vulnerability in Microsoft SMBv1 servers that’s been known since mid-2016 and for which there was no official patch initially. This is because of two reasons:

  • NHS actually uses legacy systems in managing and storing their data. In particular, their operating system at the time of the attack was still Microsoft XP.
  • Microsoft XP was released in 2001. Because it was already so old, and Microsoft kept churning newer operating systems, it decided to discontinue support for XP in 2014, three years before the attack. This suggests that within this period, their NHS operating system wasn’t receiving any technical support and software updates that could have made it less susceptible to the attack.

The Effects of the Cyberattack

person typing on a keyboard

To be clear, this ransomware attack didn’t target the NHS directly. In fact, it spread to over 100 countries and, thus, hurt millions of computer systems owned by both individuals and businesses of all sizes.

However, because the NHS is responsible for crucial healthcare tasks, the impact of the cyberattack was serious. At least 30 hospitals that provided ambulances and mental healthcare services couldn’t operate properly.

They couldn’t access patient information and other medical records, which were essential in diagnosing and managing treatments. The attack locked out healthcare providers from using devices such as MRI scanners.

Those that weren’t infected also experienced disruptions as they were forced to share resources to infected hospitals or accept patients that couldn’t be accommodated by the latter.

An IT researcher eventually found a kill switch that not only stopped the ransomware attack but also prevented it from infecting the rest of the computers.

However, the recovery period took a much longer time. Infected hospitals reverted to some manual processes, including using paper notes. They had to cancel elected procedures and outpatient services. Overall, the trust lost almost £6 million due to lost inpatient admissions and appointments.

Although that seems to be a small amount, one must remember that this incident occurred in only a day for the hospital. One could only imagine—and calculate—how much money it would have lost if it dragged on for days or weeks.

In hindsight, when someone feels they’re in a sticky situation, the best option is to follow instructions. In a ransomware attack, it would have ended if the NHS paid the attackers a few hundred dollars so that it could go back to business immediately.

However, many tech experts frown upon this idea. People who would have paid the ransom amount would still find their system at risk. Hackers could steal the payment by tracking down transactions through Bitcoin accounts.

The best step is still to remember the adage, “Prevention is better than cure.” Securing the network, updating the systems regularly, and investing in several protection layers can significantly reduce the risk of a government agency being the next NHS.


About the Author

Related Posts

Three Essential Tips to Protecting Your CDL

Protecting your Commercial Driver’s License (CDL) is crucial for your career. A class A CDL online course can help improve driver knowledge and safety habits,

Scroll to Top