The U.K. National Health Service (NHS) is directing facilities to a security patch designed to counter the 12 May cyberattacks that crippled many healthcare facilities in the country. The NHS has also issued a series of guidances to trusts on how to respond to the attacks.
The cyberattacks took the form of a "ransomware" program called WannaDecryp0r, in which messages popped up on screens throughout NHS facilities informing computer users that patient data had been encrypted, and that in order to decrypt it the user would have to send $300 U.S. (232 pounds) in Bitcoin to a secret account. The NHS attack was part of a global assault that also infected computers at Spain's largest telecom operator.
The attack led to confusion and disarray throughout the NHS, as reports surfaced of trusts unplugging medical equipment from the internet and diverting accident and emergency patients to other facilities. At least a dozen NHS trusts were affected.
Since the attack, the NHS has issued a series of alerts and guidances to its network on how to respond to the cyberattack. The documents can be reached at the website of NHS Digital, the NHS office for data and IT services.
The guidances make a number of recommendations on how to protect against cyberattacks, including ensuring that security patches are up to date, running the latest antivirus software, and backing up data in multiple locations. They also directed NHS members to a patch to fix security vulnerabilities the ransomware exploited.
News coverage of the attack has focused on lax computer updating procedures in NHS hospitals. The ransomware program, a variant of the WannaCry malware, reportedly exploits the Windows XP operating system, which Microsoft stopped supporting in 2014. Some IT observers have speculated that a number of NHS trusts never upgraded from Windows XP to more modern operating systems, and it was these trusts that were most affected by the attacks.
Indeed, an article on the IT website Engadget claimed that NHS Digital alerted "more than 10,000 security and IT professionals" in April of the need to install a patch to protect their systems: "Reading between the lines, NHS Digital is basically blaming the update apathy of individual trusts as the reason for the ransomware's spread," the article states.
In its new guidance, NHS Digital provided answers to a list of frequently asked questions (FAQs) on the ransomware attack, as well as advice on how to make sure that radiology and other equipment vendors are providing the latest antivirus updates for their machines. The NHS has communicated with all of its system suppliers and requested that "they treat this incident with the highest priority."
The guidance also includes advice on whether infected facilities can reconnect to the NHS network after installing the patch, and whether sites that were not infected and that have installed the security patch need to roll back their computer systems to the last good data backup.