WannaCry ransomware attack goes global

 

News broke on Friday 12th May that NHS England had suffered a major ransomware cyber attack, and the known victim base has since widened considerably. We now know that the attack has affected around 150 countries, with major hits on the UK and Russia. It is estimated to have affected over 200,000 users to date. In the UK, 48 NHS trusts have reported problems at hospitals, GP surgeries and pharmacies, along with 13 NHS bodies in Scotland – and no doubt the early part of this week will result in more problems as staff come into work and switch their PCs back on.

The hack, which targeted Windows machines, was miraculously stopped from spreading by a young security expert (known as @MalwareTechBlog), who accidentally hit the malware's kill switch by registering a domain name that its creator had hard-coded into it.

SAFEGUARDS:

There are some urgent checks that all companies and organisations should be making in the next 24 hours:

  1. Ensure you are up to date on patching your environment – a lot of organisations were caught out because they weren't (and Microsoft released a patch for the vulnerability exploited by WannaCry in March 2017).
  2. Check your anti-virus is up to date (and preferably use a cloud-based service, i.e. Webroot).
  3. Ensure you back up all your essential data in line with your business's Recovery Time Objective (RTO) and Recovery Point Objective (RPO), so you can't be held to ransom or left fearful of operational losses.
  4. Communicate with your staff to alert them to avoid clicking on any suspicious emails, and make sure that your operating system software is up to date (it was a rare move for Microsoft to release security updates for unsupported software such as XP as a direct result of this event).

Companies that want advice on data security can contact Amicus ITS in confidence on 02380 429429.

 

This Week’s Technology News – 24th November 2014

3D Printing – refreshing the parts other printers cannot reach
The 3D printing sector has seen interesting advances over 2014, with this growing technology in use on earth and in space. The International Space Station (ISS) has installed its first 3D printer. Before the installation, start-up company Made in Space tested the printer in zero gravity on an airplane. With the printer on board, astronauts will be able to print physical parts themselves without needing to commission them from earth and have them rocketed into space (both costly and time consuming). Printed parts will, in theory, be able to replace faulty parts or maintain certain equipment on the ISS.

In parallel, researchers from the University of Oslo have designed bots that can already adapt to unforeseen problems, 3D-print new parts for themselves (i.e. self-healing manufacture) and work out the best adaptation to their environment. The scientists believe the options are limitless, based on a few limited instructions, i.e. what to do, how fast to go, the bot's size and its energy consumption. The ingenuity of an autonomous computer that can consider thousands of options simultaneously and 3D-print parts to create a new model raises an intriguing possibility: perhaps ‘3-D Printing as a Service’ for MSPs?

 

Is business ready to accept ‘Facebook at Work’?
Although not formally announced, ‘Facebook at Work’ has been heavily rumoured to be in use internally at the company, with a worldwide launch for business imminent. Apparently, it is distinct from the current consumer model in barring personal details, which should help it avoid being blacklisted by organisations that disallow social media engagement at work. With the rise of social networking and collaboration, Facebook is cleverly poised, through its dominant position with over one billion Facebook accounts, to try to take on the likes of LinkedIn and other corporate-focused social networks like Microsoft’s Lync and Skype. The diversification opportunities deepen, as collaboration leads to online storage where users upload and collaborate on documents with other users of the service.

The real question is whether, despite all their canny commercial plans, and even accounting for proper security and governance procedures, the sheer name of ‘Facebook’ will simply scare off a lot of companies. Ultimately, the scale and impact of social networking cannot be ignored, but overcoming assumptions about the brand and how it will advocate its handling of public and private information will be the largest hurdle facing Facebook as it stares out from this mirror of opportunity.


Diktat to go digital in healthcare – or warning NHS funding will be pulled
NHS England’s National Director for Patients & Information, Tim Kelsey, has announced the publication of its ‘Personalised Health and Care 2020 Strategy’.  This paper confirms NHS England’s intention to go paperless by 2018-20, or face having its funding pulled.

At its heart, patient care records must be available across urgent care services by 2018 and throughout all NHS organisations by 2020 to create joined up practice amongst professionals, speed and efficiencies and avoidance of errors (ie. in prescriptions).  Only 4% of records are currently accessible online.

The technical challenge around IT remains that many of the NHS’s PCs are still running the soon to be defunct Windows XP.  If as stated, financial resources will be made available to assist healthcare organisations, this will come as good news for IT teams and MSPs to help support any such migration to make the NHS fit for digital.  However, it must remain an integrated and secure approach.  The BMA’s GP Committee Chair Chaand Nagpaul concluded that “..the most critical aspects to get right beforehand are the safeguards, confidence and trust of patients”.   Added to this, should be the strict management of patient data to prevent it being sold unknowingly to third party commercial organisations for private profit.

Following the Care.data scheme debacle earlier in 2014, which failed to have appropriate data privacy safeguards in place, this is a very valid point, but it should not stop future rollout if armed with correct good practice and security and governance policies. Hopefully, with National Data Guardian Dame Fiona Caldicott now on board, this will no longer be an issue. The key obstacle instead will be how much money healthcare organisations can secure to cover the necessary IT ‘fit for future’ upgrade investments.


NHS kitemarks for apps
In a separate move, with the rapid increase in health-related apps for mobile phones and other personal devices available in the market, NHS chiefs are backing a “kitemark” for health-related smartphone apps to validate those deemed as safe to use by patients to help them manage health conditions.  It also includes an e-version of the red book recording baby’s immunisations and development to be online from 2016, to counter the loss of key info if the actual book goes missing and the child requires vaccination, review or emergency treatment.


 

Can selling patient data be defended and protected?

NHS England plans to create a single database of medical data from hospitals and GPs. This has created commercial and security concerns amongst the public and privacy groups. Drug and insurance companies will be able to buy the information later this year, and the NHS has not had much luck managing data security in recent years. Privacy groups dispute NHS England's promise of “pseudonymised” records, arguing that cross-referencing by insurers, pharmaceutical groups and other health sector groups will enable identification of individuals from their own medical data. This is supported by a Netherlands study which showed that the unique combination of DOB, gender and a partial postcode enabled unambiguous identification. Opt-out forms are available from GPs, but an opt-out does not cover records held at different hospitals, or at other GPs if the patient has changed practice. It is a massively sensitive big data project, so the security framework will need to be truly robust to avoid continuing privacy and data protection legal risk.
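The check a data controller can run before release, as an added example that is not from the original article or from NHS England: it measures how many "pseudonymised" records are alone in their (DOB, gender, partial postcode) group, then coarsens DOB and suppresses small groups. The records, field names and the k-anonymity threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample (not real data): names removed, quasi-identifiers kept.
RECORDS = [
    {"pid": "a1", "dob": "1961-03-14", "gender": "F", "postcode": "SO14", "dx": "asthma"},
    {"pid": "b2", "dob": "1961-03-14", "gender": "F", "postcode": "SO14", "dx": "diabetes"},
    {"pid": "c3", "dob": "1961-07-02", "gender": "F", "postcode": "SO14", "dx": "hypertension"},
    {"pid": "d4", "dob": "1975-11-30", "gender": "M", "postcode": "SO15", "dx": "depression"},
    {"pid": "e5", "dob": "1975-01-09", "gender": "M", "postcode": "SO15", "dx": "epilepsy"},
    {"pid": "f6", "dob": "1988-05-21", "gender": "F", "postcode": "SO16", "dx": "migraine"},
]

DOB_CUT = {"day": 10, "month": 7, "year": 4}  # prefix length of YYYY-MM-DD to keep


def quasi_id(rec, dob_precision="day"):
    """Quasi-identifier tuple, with date of birth coarsened to the given precision."""
    return (rec["dob"][:DOB_CUT[dob_precision]], rec["gender"], rec["postcode"])


def audit(records, dob_precision="day"):
    """Return (k, unique_pids): the smallest group size and the records that are
    alone in their group, i.e. linkable by anyone holding the same three fields."""
    groups = Counter(quasi_id(r, dob_precision) for r in records)
    unique = [r["pid"] for r in records if groups[quasi_id(r, dob_precision)] == 1]
    return min(groups.values()), unique


def generalise_and_suppress(records, dob_precision="year", k_min=2):
    """Coarsen DOB, then drop every record whose group is still smaller than k_min."""
    groups = Counter(quasi_id(r, dob_precision) for r in records)
    released = []
    for r in records:
        if groups[quasi_id(r, dob_precision)] >= k_min:
            dob, gender, postcode = quasi_id(r, dob_precision)
            released.append({"pid": r["pid"], "dob": dob, "gender": gender,
                             "postcode": postcode, "dx": r["dx"]})
    return released


if __name__ == "__main__":
    print("full DOB:     ", audit(RECORDS, "day"))
    print("year of birth:", audit(RECORDS, "year"))
    safe = generalise_and_suppress(RECORDS, "year", k_min=2)
    print("after suppression:", audit(safe, "year"), len(safe), "records released")
```

Even after coarsening and suppression, each remaining group still shares its diagnosis column with only one or two other people, so a production release would need a much larger `k_min` than the 2 used here.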