What Digital Leaders can learn from the NHS Ransomware attack

Following the large-scale ransomware attack on the NHS, which hit up to 45 NHS sites throughout the country, questions have been raised over what can be done to make the NHS more secure. Affected computers were locked by ransomware known as WannaCry, which attacks Windows operating systems. The program encrypted files on NHS computers and demanded a payment of $300 (£230) to access them again, leaving some hospitals and GPs unable to retrieve patient data for a period of time.

Massive amounts of data are being generated by NHS hospitals, trusts and GPs every day, so it is vital that the healthcare industry has access to a secure and trusted platform through which to store and share data. Following the recent cyber-attack, Home Secretary Amber Rudd has said that the NHS “must learn” from this and upgrade its IT systems, accepting that Windows XP was “not a good platform” for keeping this data secure.

In many cases there is less need for full desktop operating systems with locally installed software. Ransomware encrypts private files on your local computer once you run software you’ve downloaded. In the NHS attack, it was a user who clicked on a link and downloaded malware hidden in an attachment.

Finding Alternative Methods

Office-based software can be replaced by software as a service delivered from the cloud, such as Google Suite, and document forms by online eForm services such as PretaForm. This uses the principle of “least privilege”, meaning end users are given the lowest level of user rights that they can have and still do their jobs, so they can’t run any software, such as malware attachments. This is achieved by using virtual desktops or browser-only desktops. Data is also stored in the cloud, which is isolated from malware downloaded by an end user.

It is significantly more difficult to hack into a cloud service with best-of-breed security controls that are constantly monitored and upgraded to prevent attacks. With Software as a Service, operating systems can be locked down. So cloud-based systems are a far safer way to share, store and send data messages, both internally within NHS sites and between organisations.

By contrast, Word documents or executable formats routinely sent via public email or downloaded off the internet carry a much higher risk.

The recent NHS cyber-attack crippled healthcare services, rendering various medical systems useless. As a result, operations and appointments were cancelled and ambulances had to be diverted. While other systems can be affected, PretaGov services remain operational and cannot be compromised in the event of an attack. All of our products are cloud-based, meaning that our services can be accessed from any computer through a browser, with the transfer of data being encrypted. If patient data is saved in the cloud with backups to a separate data centre, then this data can be accessed anywhere and organisations can continue to operate as normal even after a security event.