NHS cyber attacks – preventing and handling ransomware

12 May 2017

As widely reported in the media, there has been a significant wave of ransomware attacks against a large number of NHS bodies and their access to data held on computer systems. NHS Digital has stated that it is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target corporate networks. In spite of this, there are many pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact when one does occur, and to recover swiftly and effectively. These span several aspects of IT operations and security, and primarily relate to:

  • Robust business continuity planning and exercising and the ability to restore systems rapidly from backups;
  • Crisis and incident response planning and exercising to ensure incidents are managed and resolved swiftly;
  • Strong security hygiene policies and user awareness to prevent ransomware entering your IT environment through both technical controls and vigilant employees; and
  • Rigorous patch and vulnerability management ensuring you make effective use of work already done to address vulnerabilities.

Priority recommendations for management and IT colleagues to consider, subject to also considering the operational impacts of making these changes, are:

  • Provide your desktop and server IT operations teams with all the support they need to rapidly deploy Microsoft’s April and May security updates, along with MS17-010;
  • Accept that addressing issues may require temporary disruption to some IT services as additional controls are implemented and vulnerable services disabled. For example, disabling the SMBv1 protocol and the ability to execute unsigned macros in Office documents, and enabling two factor authentication for all external access to systems (e.g. VPN and RDP).

PwC never recommends paying a ransomware - unless there is a threat to life. Doing so fuels the ransomware economy, funding development of additional ransomware techniques and campaigns.

For any enquiries on how to best prevent or address ransomware or other cyber attacks, please contact: breachaid@uk.pwc.com

We have released a report to PwC customers containing more technical detail and recommendations about this ransomware. Please feel free to email us at threatintelligence@uk.pwc.com and we will be happy to send you a copy.



Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated and will not appear until the author has approved them.