The UK's National Health Service has learned from last year's WannaCry attack – and started putting in place disaster recovery measures that will allow it to maintain services in the face of an even fiercer assault.
The worldwide spread of WannaCry last May hit hospital networks particularly hard and left doctors and nurses unable to use computers, resulting in confusion and the postponement of some non-urgent procedures.
74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+READ MORE
The high profile incident was “not the be all and end all,” according to Dan Taylor, a director of security at NHS Digital. Contrary to the impression left by media reports, “WannaCry affected healthcare in a small way," he claimed, with just over 40 organisations affected.
Taylor was not seeking to downplay the effects caused by WannaCry, but rather to provide context by saying as many as 25,000 centres weren't affected. He also spoke against complacency by arguing that still worse might be possible, so stepped up defences and preparation were crucial. Taylor praised his staff for dealing with the emergency during what he described as a seminal moment in his career.
"WannaCry was a shot across our bows. It was the idea that something could happen, it did happen, and it did affect patient care in many areas,” he said.
“It was the be all and end all incident, in healthcare. Something new will happen and... there will be another WannaCry.”
Taylor made his comments during a panel on disaster recovery, entitled In the Eye of the Storm at the National Cyber Security Centre’s CYBERUK 2018 in Manchester on Thursday.
Official reports by the National Audit Office (NAO) and others after the outbreak faulted the NHS for failures to patch against the known security vulnerabilities exploited by WannaCry. The malware spread through the EternalBlue exploit in Windows systems dumped by The Shadow Brokers hacking crew a few months prior to the attack. Western intel agencies in the UK and US both publicly blamed North Korea for the attack late last year.
Taylor said NHS Digital has developed a much more comprehensive disaster recovery plan since the WannaCry attack before embarking on a rigorous, ongoing testing regime. "The thing we’ve done since that is test, and test, and test again... when [anything] does happen, we’ll be in a much better position.”
S**t happens, deal with it
Contrary to what vendors might claim a security panacea or silver bullet doesn’t exist but threats can still be mitigated with layers of security. Even with those layers and extensive preparation “things will still happen.”
Paul Chichester, director of operations at the National Cyber Security Centre, said that above all organisations need to be prepared to deal with a data breach.
“Expect a breach and be prepared by putting in place things such as logging and computer forensics,” Chichester advised. “The mark of the maturity of an organisation is in how they deal with a breach when you call them,” rather than whether or not security incidents - which are nigh on inevitable - happen, Chichester added.
Yochana Henderson, head of digital identity management for the Parliamentary Digital service, gave CyberUK delegates an inside view of a high profile brute force attack against Parliament’s email system during the same panel session.
The “sustained and determined” attack began quite slowly before intensifying once its perpetrators realised it had been detected," she explained.
An estimated 90 email accounts were compromised on the Parliamentary network last June. The UK government subsequently blamed Iran.
Henderson said that lessons learned included focusing on getting key services back even if other things aren’t working. Parliament has to sit, in the particular case in point, for example. Like her counterparts, Henderson emphasised preparation and disaster planning as the key to been prepared to limit the impact of future attacks. ®