NHS hospitals are increasingly being targeted with
ransomware attacks, according to an investigation by i.
The online newspaper found that in the past 12
months, at least 30 NHS trusts in England have been victim to this particular
type of attack.
In four cases, the incident had to be reported as a
“potential breach of data protection or confidentiality laws”, i explained.
According to Ollie Whitehouse, technical director
of NCC Group – which helped gather the data – ransomware “has become
the bottom line of cybercrime”.
“If [cybercriminals] break into a system and can’t
find any other way to monetize what they find, they encrypt the data and demand
a ransom,” he explained.
Cahal Milmo, chief reporter of the i – and who reported
on the story – said that one of the reasons there has been an increase in
successful attacks is to do with dated technology.
He said: “Auditors and the NHS’s own cybersecurity
experts have highlighted the continuing use of old software such as Windows XP
in some parts of the health service as one vulnerability.”
NHS Digital, which stated that no ransom has been
paid in any of “the ‘rare’ serious ransomware cases” it has been alerted to, is
making concerted efforts to boost its cybersecurity prowess.
Rob Shaw, chief operating officer at NHS Digital’s
Data Security Centre, revealed last month that the health tech body is looking to
work more closely with the UK’s National Cyber Security Centre.
Ransomware attacks are an increasingly popular way
for cybercriminals to extort money from companies and consumers, as ESET’s Lysa
Myers recently highlighted.
“Ransomware can certainly be frightening, but there
are many benign problems that can cause just as much destruction,” she noted in
her article.
“That is why it has always been, and always will
be, best practice to protect yourself against data loss with regular backups
kept offline. That way, no matter what happens, you will be able to restart
your digital life quickly.”