Patients’ data at risk as NHS boards suffer tide of hacker attacks
SENSITIVE patient data is at risk as thousands of hackers target health boards – with North Korea among those breaching systems.
Scotland’s National Health Service IT systems have been successfully hacked 117 times in only five years, while thousands of attacks were blocked, new figures show. In 2017, 11 Scottish health boards suffered breaches by North Korea during the ‘Wannacry’ global cyber attack.
This saw criminals target Windows XP machines with malicious ransomware – a type of software that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.
There were serious consequences for the NHS both in Scotland and England, while car giant Nissan was forced to shut down production in its Newcastle factory for two days.
Hospitals, GP surgeries and health centres are among those hacked, though it is not known if patients were affected. According to officials, health boards face thousands of hacking attempts every week, most of which are fought off. Due to security concerns, precise numbers are not published.
Figures obtained under Freedom of Information legislation show that NHS Lanarkshire had to call in the police following 62 successful hacking attempts against it.
NHS Fife was victim to 47 attacks, while the Western Isles had its systems breached five times. NHS Borders, Grampian and Greater Glasgow and Clyde, each had one breach. Not all boards disclosed whether they had been affected.
On one occasion, NHS Western Isles said it had been hacked by criminals using Locky malware. This is delivered by email with an attached Microsoft Word document which triggers the malware – a program or file that is harmful to computer systems.
Scottish Conservative chief whip Maurice Golden said: ‘These revelations show even Scotland’s NHS isn’t safe from global hackers.
‘Patients will be alarmed that their sensitive data is being pursued by North Korean hackers.
‘Thankfully, it seems our health service is well equipped to repel these attacks and that’s a tribute to the IT teams working hard to keep our personal information safe.
‘But there’s not room for complacency and hackers across the world are getting better all the time at attacking these systems. The NHS has many plates to spin, against a backdrop of dwindling support from the SNP Government, but this is one area that must be maintained.’
NHS Borders confirmed North Korea had breached its systems in 2017. At the time, it said it had been forced to shut down software but claimed there was ‘no immediate risk to patient care or confidentiality’.
Health boards have said their systems have managed to hold off thousands of virus and hacking attempts every day and that their back-up systems show no sensitive data has been lost or compromised so far.
The National Crime Agency (NCA) is the UK’s lead organisation on cyber crime. It works with the Scottish Government to strengthen systems and provides assistance to both private and public bodies when hackers breach systems.
Following the Wannacry attacks, the NCA said that ‘lives were put at risk and services damaged’ as it was forced to intervene.
A Scottish Government spokesman said: ‘Despite thousands of hacking attempts, the vast majority have been unsuccessful.
‘Patient care and data has not been impacted in any way by any of these failed attempts.
‘The Scottish Government published the Cyber Resilience Public Sector Action Plan for all organisations in Scotland’s public sector, including health.
‘This plan, alongside a number of those other actions, sets out the minimum standards for cyber security that public sector organisations are expected to meet and NHS Scotland Boards are currently working towards these.’
‘No room for complacency’