The NHS cyber attacks crippled the systems yesterday and some health trusts are still affected. Yet the government has received not one but two warnings about the network systems susceptibility to attack. An EU funded SIRENS (Securing internet routing: Economics vs. network security) Project was published four days before stating that the border gateway protocol (BGP) is highly vulnerable to cyber attacks. BGP is a vital component of the internet routing infrastructure and the findings showed the protocol downgrade attacks were extremely effective with some S*BGP were useless against attacks. The SIRENS Project suggested a routing protocol that would make the internet work more securely.
It also appears Jeremy Hunt, the health secretary, was warned last summer about 60 hospitals, GP surgeries and dental practices whose “computer hardware and software could no longer be supported” and needed to be urgently replaced; the hospitals were still using these outdated system, on Windows XP. It seems to be a huge coincidence that the WannaCry virus attacks machines running Windows and some hospitals are using the same outdated software.
Everyone is aware of the multiple problems facing the NHS, but with the risk of patient care being halted and valuable data being lost or stolen, why was security not improved sooner? Money plays a large part of it, but Security Minister Ben Wallace insisted to the BBC that the NHS trusts have enough money to provide the security measures. Data must be regularly backed up and the security patches must be installed correctly in order for the safety to be continually up to date.
The recent cyber attacks were a huge wake up call for the NHS into the security of its healthcare software. Surgeries were cancelled, patients records withheld and issues with test and scan results are among the problems faced by trusts with computer systems held hostage. We are fortunate that most of the systems have been restored and that so far there has been no sign of a second wave; but 11 trusts are still affected, including Barts Health NHS Trust, whom operates 5 hospitals in London, has reduced or cancelled surgeries and outpatients appointments in response to the current issues.
The attack has raised many questions, including how safe our personal hospital records are or the effectiveness of the UK’s cyber security means reports such as these two are coming more and more important as the world becomes more reliable on the digital age. Hopefully this attack is the only one of its kind and while unsuccessful for the perpetrator, it has successfully shown the world where its vulnerability lies, its not terrorism, its cyber-warfare.