The Wannacry cyber attack targeted the NHS in 2017, it shut down hundreds of thousands of computers, affected 1/3 of Hospital Trusts and 8% of GP Practices in the UK.
The cyber attack came from no-where, infiltrating NHS systems, with 200,000 locked out of their computer and ransom messages appearing on screen demanding Bitcoin payments to release their data.
It cost the NHS £92 million in total, £72 million of which was used to ‘cleanup’ and upgrade their IT infrastructure and systems after it had happened, but could this have been prevented?
How did it happen?
WannaCry, a hard-drive encrypting malware, exploited a vulnerability in the Microsoft XP operating system which is no longer supported but still has a whopping 4.59% market share. A patch had been released that year in March, however it is user dependant to ensure updates and patches are applied to each computer. Are your computers patched up to date ?
It was speculated that the WannaCry malware was spread via an email campaign (phishing) however, it was found, this wasn’t the case. Using a leaked NSA hacking tool, Wannacry looked for vulnerable public-facing SMB ports it could establish a connection to.
Once it had found a way in, it could then apply itself to that machine and any other vulnerable machines on the connected network. It took just one computer which led to a whole network being infected with the ransom ware.
The NHS had clarified, after the attack that no patient information had been stolen; the Wannacry malware instead encrypted all documents, photos, videos and databases on each infected PC/laptop. Staff had to return to a pen and paper operation, using their personal mobile phones to carry on working.
It is estimated that 1% of the entire NHS workforce was disrupted over the course of that week.
What were the consequences?
In this situation more than 19,000 appointments had to be cancelled, costing the NHS £20m.
In another case, the Hilton Hotel group were fined £525k for risking 363,000 accounts in two credit card data breaches when they were hacked in a similar style which could have been avoided if goog IT practice was in place.
Is a data breach really likely in my business?
Over 4 in 10 businesses (43%) in the UK have had a data breach within the last 12 months (UK’s Department for Digital, Culture, Media and Sport’s Cyber Security Survey 2018)
It is estimated that only 3 in 10 businesses currently have a formal cyber security policy in place.
Why invest in cyber security?
Scammers work around the clock, sending emails and creating viruses to infiltrate IT infrastructure of companies like yours. Did you know if your customer data is harvested through a hack you can and held liable and fined ?
Viruses, Trojans, malware and ransomware can cause downtime to your business. If your files on your PC were encrypted and you could not access them what would you do?
Prevention is always better than the cure and with hacking on the increase it’s time to get your IT up to scratch to ensure you’re not vulnerable.
Things you can do to prevent a data breach
- Backup your data regularly, with regular off-site automated backups
- Deploy strong passwords, using a password generator if necessary
- Train your employees in safe working practice when online
- Encrypt your data
- Invest in the latest technology now rather than take the risk
At Myriad Digital we offer entire solutions, from secure offsite backups, to Award-winning antivirus software, encryption programs and contingency planning so that you are covered should anything go wrong. Why not call us to arrange a meeting about keeping your business secure. Tel. 01626 360011
Remember Windows 7 will not be supported beyond February 2020 – so why not look at replacement options for your older computers and consider our leasing packages to make thing affordable.