The Courier & Advertiser (Angus and Dundee)
Up to 230 attempts per day to hack into NHS Tayside
Expert says none of the bids to break into health board’s IT system were successful
Computers in NHS Tayside are being bombarded with up to 230 hacking attempts per day.
Data released through Freedom of Information legislation reveals security products throughout the health board deal with between 5,000 and 7,000 unauthorised attempts to break its IT system per month.
NHS Tayside was asked to divulge exactly how many attempts had been made per month for the last five years but could not give exact figures.
None of the attempts on the health board’s systems in that time were successful.
Computer expert James Morris, assistant director of IT at Dundee University, said it is not unusual for large companies and institutions to face such a barrage.
“There is a big difference between successful and unsuccessful attempts, of course,” he said.
“There are numerous types of actors, as we call them, who carry out IT attacks.
“The types of actors vary and they can be after financial gain, or organised crime, among others.
“There is also hobbyist and activist hackers, which are different things.
“Whatever the motivation, many of these attacks take little skill to set up and once that is done their system can continually try to hack a system.
“Every internet accessible device can be attacked, so if you are talking about a big institution like Dundee University, or a council or a health board, that does equate to a large number of attempts.
“At the university, for example, there is a lot of personal information held so that can make for an attractive target. The biggest risk is people being duped into revealing their password.
“While there are a lot of safeguards in place, the reality is, that if China, for example, wanted to access our systems there is nothing we can really do to stop them.”
“
Our protection systems have successfully repelled every attempted attack.
NHS TAYSIDE SPOKESWOMAN
The Scottish Government introduced a cyber resilience action plan in recent years.
It outlines minimum requirements that public bodies in the country have to adhere to in regards to software security.
An NHS Tayside spokeswoman said: “Our protection systems have successfully repelled every attempted attack.
“The number of attacks may seem high, but every employee has access to our system and have an email address so it is a vast network. The numbers seen at NHS Tayside are not unlike those seen by any company or organisation of a similar size, is our understanding.
“Also, hacking is an all-encompassing term. It includes phishing, malware attacks and many other methods. Many of these will be automated and not the stereotype of someone in their bedroom trying to access our systems.
“It is more sophisticated these days, but our safeguards are working.”