The NHS has been rolled over by a cyberattack - and it wasn't even the target.
The ransomware attack that has taken hospital systems in England and Scotland offline has spread globally.
According to cybersecurity firm Kaspersky, it's reached at least 74 countries, attacking all sorts of institutions.
The NHS was merely collateral damage. That doesn't absolve the NHS trusts affected, though.
NHS security will come into focus, expert says
According to security sources, this attack probably wasn't a nation state leveraging vast resources and spending months to break into a target, as we saw with the Sony hack, the infiltration of the Democratic National Committee in the US elections, or the attack that took a French TV station offline.
It was criminals looking for a Bitcoin buck.
But they supercharged the attack, using a technique originally discovered by the NSA, called Eternal Blue.
That exploit was leaked, by a group called Shadow Brokers, meaning hackers could take advantage of it.
Microsoft was quick to patch the vulnerability, offering it from 12 March. The company says those with up to date software are "protected" from the ransomware attack.
So why weren't the affected NHS trusts up to date?
An NHS IT source told me: "They patched nothing generally."
Staff working to keep systems up to date were "crushed" - by a lack of organisational understanding and money.
Last year we investigated cybersecurity in the NHS. We found that some trusts spent no money whatsoever on cybersecurity.
The white hat hackers we worked with found serious vulnerabilities just at first glances.
Those failings have now been exposed. And it's patients who are paying the price.
Saturday, May 13, 2017
Friday, May 12, 2017
Cyberattack: Up to 74 countries affected by ransomware, say experts
Up to 74 countries have been affected by the ransomware cyberattack that has struck the NHS, according to experts.
Among the other nations hit were Spain, Ukraine and India, said researchers from the Kaspersky Lab.
There have been more than 45,000 attacks worldwide, mostly in Russia, the Securelist cyber security website reported.
It said: "It's important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."
Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".
Spain's industry ministry said the attack affected the Microsoft Windows operating system of employees' computers.
Telecommunications giant Telefonica was among the many targets.
The company claimed the attack was limited to some computers on an internal network and had not affected clients or services.
Image:Russia has been most affected by the attack. Pic: Securelist
In the US, delivery company FedEx said it was experiencing issues with some of its Windows systems.
Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.
:: Ransomware explained - hacking for cash is on the rise
The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.
It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.
Hacking group Shadow Brokers reportedly released the malmare last month, after claiming to have discovered the flaw from the US National Security Agency.
Among the other nations hit were Spain, Ukraine and India, said researchers from the Kaspersky Lab.
There have been more than 45,000 attacks worldwide, mostly in Russia, the Securelist cyber security website reported.
It said: "It's important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."
Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".
Spain's industry ministry said the attack affected the Microsoft Windows operating system of employees' computers.
Telecommunications giant Telefonica was among the many targets.
The company claimed the attack was limited to some computers on an internal network and had not affected clients or services.
Image:Russia has been most affected by the attack. Pic: SecurelistIn the US, delivery company FedEx said it was experiencing issues with some of its Windows systems.
Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.
:: Ransomware explained - hacking for cash is on the rise
The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.
It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.
Hacking group Shadow Brokers reportedly released the malmare last month, after claiming to have discovered the flaw from the US National Security Agency.
Cyberattack: New setback for under-strain NHS
The scale and impact of the "ransomware" attack on at least 40 NHS organisations is not yet clear.
But senior NHS staff and administrators say an ongoing interruption to computer and IT systems could paralyse patient care and make routine treatment impossible.
The Department of Health and NHS England are currently taking some comfort from the fact that as yet there is no evidence that patient records have been breached, but it may prove little consolation.
Like most businesses and public services, the NHS is reliant on IT to function.
Unlike many, however, it is running at close to capacity. Even minor interruptions to normal routine can have a major impact on the flow of patients through hospital.
:: LIVE - Ransoms demanded as cyberattacks hits NHS hospitals
A protracted shutdown of systems across the weekend and into next week could bring parts of the system to a halt.
For a service already under acute strain because of rising demand and staff shortfalls, it is another blow.
Assessing the impact of the attack is complicated by the fact the NHS does not have an overarching IT structure.
Hospital trusts have developed their own systems and security measures and have varying ability to communicate with other organisations.
:: NHS cyberattack: Full list of organisations affected so far
A disastrous attempt to develop a unitary NHS IT system was abandoned at a cost of more than £10bn, leaving a patchwork of systems.
That may explain why so far only around 20% of Trusts have been affected, though this number may rise.
What is clear is that systems have been fundamentally compromised.
Doctors and nurses at affected hospital trusts have been unable to access patient records, appointment systems, drug charts, blood tests, x-rays and other forms of clinical information.
Affected A&E departments meanwhile have been unable to use the electronic systems that are fundamental to communicating with ambulance crews, keeping track of patient admissions and discharges, and managing the all-important "flow" that prevents hospitals grinding to a halt.
Staff at affected city A&E departments will be braced for an even more challenging weekend rush than usual.
Some paper records do exist, but securely matching these to patients will be a challenge.
Because of concern over patient confidentiality, some trusts have stopped using full names on records in an attempt to improve "information governance".
Instead, patients are referred to at some trusts by a forename and an initial, accompanied by a patient number.
:: Sky News investigation discovers NHS trusts were putting patients at risk
One consultant told Sky News that they routinely worked with three computer systems open on their computer simultaneously: the Electronic Patient Record (EPR); a separate X-ray system; and another that holds records of certain specialist drug treatments.
Even sending out letters to patients is automated. At some trusts, doctors dictate letters to an audio device, upload the audio file to a system accessed by a transcription service in India, where staff type out the letter before sending it back using an encrypted system.
:: Hacking for cash: Ransomware threats on the rise
The more of these discrete systems that are affected the longer it will take to restore normal working.
Even establishing the scale of the damage is likely to tie up trusts for the weekend and possibly beyond.
NHS managers will hope that patient records remain secure. Were hackers able to tamper with ongoing drug prescriptions for example, this crisis could become one of patient safety as well as cybersecurity.
But senior NHS staff and administrators say an ongoing interruption to computer and IT systems could paralyse patient care and make routine treatment impossible.
The Department of Health and NHS England are currently taking some comfort from the fact that as yet there is no evidence that patient records have been breached, but it may prove little consolation.
Like most businesses and public services, the NHS is reliant on IT to function.
Unlike many, however, it is running at close to capacity. Even minor interruptions to normal routine can have a major impact on the flow of patients through hospital.
:: LIVE - Ransoms demanded as cyberattacks hits NHS hospitals
A protracted shutdown of systems across the weekend and into next week could bring parts of the system to a halt.
For a service already under acute strain because of rising demand and staff shortfalls, it is another blow.
Assessing the impact of the attack is complicated by the fact the NHS does not have an overarching IT structure.
Hospital trusts have developed their own systems and security measures and have varying ability to communicate with other organisations.
:: NHS cyberattack: Full list of organisations affected so far
A disastrous attempt to develop a unitary NHS IT system was abandoned at a cost of more than £10bn, leaving a patchwork of systems.
That may explain why so far only around 20% of Trusts have been affected, though this number may rise.
What is clear is that systems have been fundamentally compromised.
Doctors and nurses at affected hospital trusts have been unable to access patient records, appointment systems, drug charts, blood tests, x-rays and other forms of clinical information.
Affected A&E departments meanwhile have been unable to use the electronic systems that are fundamental to communicating with ambulance crews, keeping track of patient admissions and discharges, and managing the all-important "flow" that prevents hospitals grinding to a halt.
Staff at affected city A&E departments will be braced for an even more challenging weekend rush than usual.
Some paper records do exist, but securely matching these to patients will be a challenge.
Because of concern over patient confidentiality, some trusts have stopped using full names on records in an attempt to improve "information governance".
Instead, patients are referred to at some trusts by a forename and an initial, accompanied by a patient number.
:: Sky News investigation discovers NHS trusts were putting patients at risk
One consultant told Sky News that they routinely worked with three computer systems open on their computer simultaneously: the Electronic Patient Record (EPR); a separate X-ray system; and another that holds records of certain specialist drug treatments.
Even sending out letters to patients is automated. At some trusts, doctors dictate letters to an audio device, upload the audio file to a system accessed by a transcription service in India, where staff type out the letter before sending it back using an encrypted system.
:: Hacking for cash: Ransomware threats on the rise
The more of these discrete systems that are affected the longer it will take to restore normal working.
Even establishing the scale of the damage is likely to tie up trusts for the weekend and possibly beyond.
NHS managers will hope that patient records remain secure. Were hackers able to tamper with ongoing drug prescriptions for example, this crisis could become one of patient safety as well as cybersecurity.
Cyber attack spreads across 74 countries; some UK hospitals crippled
Cyber attacks that hit 74 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
TRUMP CAN WIN THE CYBER WAR (BY FOLLOWING CHURCHILL'S APPROACH)
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The malware was sent via email with a file attached to it. From there, it subsequently spread.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still "ongoing" and that that the organization was "made aware of it this afternoon," according to an interview in The New York Times.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
"It's one of the widest sperad attacks we've ever seen," said Michael Balboni, President of Redland Strategies, a consulting firm that specializes in cybersecurity. Balboni, who is also a former homeland security advisor for the state of New York, said that the possiblity of another attack this size is possible.
"We're entering an age known as cyber-insecurity," Balboni added. "There's going to be a huge response from the public now that doctors and hospitals are being affected, there is going to be a huge shift in how people think about this."
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors." In total, 16 NHS organizations said they were affected.
British Prime Minister Theresa May addressed the hacks, saying it's not just targeted at the NHS.
"This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected," May said in a statement. "The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety."
May added that though she was not aware of any leaked data, vigilance must be taken.
"Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected," May said.
In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.
UK HOSPITALS TURN AWAY PATIENTS AFTER RANSOMWARE ATTACK
Hospital operator NHS Merseyside tweeted "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."
Bart's Health, which also operates a number of London-based hospitals, activated its major incident plan, which included canceling routine appointments and diverting ambulances to different hospitals.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
TRUMP CAN WIN THE CYBER WAR (BY FOLLOWING CHURCHILL'S APPROACH)
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The malware was sent via email with a file attached to it. From there, it subsequently spread.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still "ongoing" and that that the organization was "made aware of it this afternoon," according to an interview in The New York Times.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
"It's one of the widest sperad attacks we've ever seen," said Michael Balboni, President of Redland Strategies, a consulting firm that specializes in cybersecurity. Balboni, who is also a former homeland security advisor for the state of New York, said that the possiblity of another attack this size is possible.
"We're entering an age known as cyber-insecurity," Balboni added. "There's going to be a huge response from the public now that doctors and hospitals are being affected, there is going to be a huge shift in how people think about this."
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors." In total, 16 NHS organizations said they were affected.
British Prime Minister Theresa May addressed the hacks, saying it's not just targeted at the NHS.
"This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected," May said in a statement. "The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety."
May added that though she was not aware of any leaked data, vigilance must be taken.
"Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected," May said.
In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.
UK HOSPITALS TURN AWAY PATIENTS AFTER RANSOMWARE ATTACK
Hospital operator NHS Merseyside tweeted "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."
Bart's Health, which also operates a number of London-based hospitals, activated its major incident plan, which included canceling routine appointments and diverting ambulances to different hospitals.
General Election: Jeremy Corbyn rejects claims he is a pacifist
Jeremy Corbyn has rejected claims he is a pacifist, saying he accepts that military action "under international law and as a genuine last resort" is sometimes necessary.
In a major speech outlining his approach to defence and foreign policy, the Labour leader said it was an "extraordinary question" to be asked whether he would countenance pressing the nuclear button.
While he said the party was committed to pursuing disarmament and had a policy of "no first use" of nuclear weapons, he would "do everything necessary to protect the safety and security of our people and our country".
Speaking at the Chatham House think-tank in London, Mr Corbyn cautioned against a "bomb first, talk later" approach to foreign policy.
He said the world was "more unstable than even at the height of the Cold War" because of a failed approach to international security, with botched foreign interventions making the world a "more dangerous place".
In a major speech outlining his approach to defence and foreign policy, the Labour leader said it was an "extraordinary question" to be asked whether he would countenance pressing the nuclear button.
While he said the party was committed to pursuing disarmament and had a policy of "no first use" of nuclear weapons, he would "do everything necessary to protect the safety and security of our people and our country".
Speaking at the Chatham House think-tank in London, Mr Corbyn cautioned against a "bomb first, talk later" approach to foreign policy.
He said the world was "more unstable than even at the height of the Cold War" because of a failed approach to international security, with botched foreign interventions making the world a "more dangerous place".
Ebola outbreak declared after three die in Democratic Republic of Congo
An Ebola outbreak has been declared in the northeast region of the Democratic Republic of Congo.
The World Health Organisation says three deaths are being linked to the virus, and it is taking the situation "very seriously".
One of those killed had tested positive for Ebola after coming down with a haemorrhagic fever last month in Bas-Uele, a province which borders the Central African Republic.
WHO spokesman Christian Lindmeier has told Sky News that work is under way to find people who may have been in contact with the Ebola sufferer.
The health agency's regional director is also on their way to Bas-Uele, where residents are being given advice on how to treat their loved ones and perform safe burials.
Another WHO spokesman, Eric Kabambi, said: "The case is in a very remote zone, very forested, so we are a little lucky."
The DRC suffered a three-month outbreak of Ebola in 2014. Although it was quickly contained, 49 people were killed.
Ebola occasionally jumps from animals including bats and monkeys to humans - and without preventative measures, the virus can spread quickly between people.
The virus is fatal in up to 90% of cases, and the WHO recently developed an experimental vaccine for use in emergencies.
In a statement, the DRC's health ministry said: "Our country must confront an outbreak of the Ebola virus that constitutes a public health crisis of international significance."
Health minister Oly Illunga has urged the population not to panic.
Ebola caused alarm globally in 2013 when the world's worst outbreak began in West Africa - killing more than 11,300 people and infecting an estimated 28,600 as it swept through Liberia, Guinea and Sierra Leone.
Liberia was only declared free of active Ebola virus transmission last June.
The WHO has warned that the virus could resurface at any time, as it can linger in the eyes, central nervous system and bodily fluids of some survivors.
The World Health Organisation says three deaths are being linked to the virus, and it is taking the situation "very seriously".
One of those killed had tested positive for Ebola after coming down with a haemorrhagic fever last month in Bas-Uele, a province which borders the Central African Republic.
WHO spokesman Christian Lindmeier has told Sky News that work is under way to find people who may have been in contact with the Ebola sufferer.
The health agency's regional director is also on their way to Bas-Uele, where residents are being given advice on how to treat their loved ones and perform safe burials.
Another WHO spokesman, Eric Kabambi, said: "The case is in a very remote zone, very forested, so we are a little lucky."
The DRC suffered a three-month outbreak of Ebola in 2014. Although it was quickly contained, 49 people were killed.
Ebola occasionally jumps from animals including bats and monkeys to humans - and without preventative measures, the virus can spread quickly between people.
The virus is fatal in up to 90% of cases, and the WHO recently developed an experimental vaccine for use in emergencies.
In a statement, the DRC's health ministry said: "Our country must confront an outbreak of the Ebola virus that constitutes a public health crisis of international significance."
Health minister Oly Illunga has urged the population not to panic.
Ebola caused alarm globally in 2013 when the world's worst outbreak began in West Africa - killing more than 11,300 people and infecting an estimated 28,600 as it swept through Liberia, Guinea and Sierra Leone.
Liberia was only declared free of active Ebola virus transmission last June.
The WHO has warned that the virus could resurface at any time, as it can linger in the eyes, central nervous system and bodily fluids of some survivors.
NHS Trust hit by cyber attack
East and North Hertfordshire NHS Trust has confirmed that it has been hit by a cyber attack.
All non-urgent activity at the trust has been postponed. It is also asking people not to visit Accident and Emergency.
According to the Trust's website it runs four hospitals. All are believed to be affected.
All non-urgent activity at the trust has been postponed. It is also asking people not to visit Accident and Emergency.
According to the Trust's website it runs four hospitals. All are believed to be affected.
Subscribe to:
Posts (Atom)