By clicking “Check Writers’ Offers”, you agree to our terms of service and privacy policy. We’ll occasionally send you promo and account related email
No need to pay just yet!
About this sample
About this sample
Words: 1811 |
Pages: 4|
10 min read
Published: Mar 28, 2019
Words: 1811|Pages: 4|10 min read
Published: Mar 28, 2019
The NHS is the health and care system of the United Kingdom, funded by the government. Everyone who lives in the UK is subject to free health care (although is taxed for the service). The NHS is not one organisation but is many different sections joining together under one name. These are split into the four countries made up of the United Kingdom (England, Scotland, Wales, Northern Ireland), which are also split up into CCG’s (clinical commissioning groups). When the NHS started its main aim was that : ‘Everyone - rich or poor, man, woman or child - can use it or any part of it. There are no charges, except for a few items. There are no insurance qualifications. But it is not a “charity”. You are all paying for it, mainly as taxpayers, and it will relieve your money worries in time of illnesses’
A massive problem within the NHS is that they do not utilise their ability to reduce costs/ get what they want. Each CCG has their own budget and autonomy to acquire whatever they need to run hospitals, GP practices, ect. From a business and security perspective, this is not an effecient way to run the NHS as a whole. The main reason for this is the high costs induced when buying as many small entities. When buying as one big entity costs are reduced as a result of economies of scale. Security hardware and software is very expensive to buy, install and maintain, utilising economies of scale would be a sensible way to lower the costs of such a big operation. This money saving strategy does not need to be reserved for cyber security purchases as it can be utilised for the majority of purchases made, any money saved can be re-invested back into the IT budget, which could have helped prevent Wannacry form impacting the NHS so drastically.
As the NHS is made up of many different CCG’s, They all have different preferences and decision making techniques. This leads to differences in systems such as Windows, Linux, ect. The NHS has allegedly over 10 different systems. This impacts on the abilities of all these different CCG’s to share data between themselves, suppliers and patients. This becomes very hard to maintain and figure out the logistics of. If all CCG’s used only one or another system it could help the overall security and maintanence of the systems. As all computors will run the same systems, comunication will be simpler and easier to maintain. Although Wannacry was an attack directed at a flaw in Windows other systems were not not hit, however when the attack first manifested, it is easier to deal with an attack if all systems are the same. During the attack there was no clear leader and no one took charge this shows how unprepared the NHS was prior to the attack.
Wannacry is a ransomware coupled with an exploit allegedly developed by the NSA (the US National Security Agency). A ransomware is malware planted illegally in a computer or mobile device that disables its operation or access to its data until the owner or operator pays to regain control or access . The malware it was coupled with was known as EternalBlue (code name) , this malware targets Microsoft Windows operating systems. The attack only affected older unsupported versions of Microsoft, which is why the NHS was affected so badly, and newer versions that had not been patched. The majority of computors affected by Wannacry in the NHS were not infected by Phishing e-mails, these are e-mails sent with the intent of making the recipient do whatever the sender wants (open up malware in this case). But by the exploit EternalBlue and utilising a backdoor malware dubbed DoublePulsar, this backdoor ensured a way to, once on a network infect all computors physically connected to it, infect the computor and encrypt the data without the users knowledge. However for the malware to be registerred onto the network/computor in the first place a phishing e-mail must have been delivered and opened allowing the malware to propagate Once on a network this could take less than a minute to infect all computors connected to it.
The exploit EternalBlue is allegedly developed by the NSA and then released. Microsoft have since pinned the blame on the NSA, because Microsoft feel that if they had known about the flaw in their system sooner, they will had been able to release a patch much sooner. However, this would not have helped the NHS. There were reportedly 90% of the NHS trusts running at least one Windows XP device . This figure is incredibly important as to why the NHS was impacted so badly by the Wannacry attack. As Microsoft had released a patch for the flaw in their system that would have prevented Wannacry from infecting their computors, but this was for supported Windows systems. Windows XP is not supported so the NHS could not had downloaded it to reduce the impact.
When a computor is infected with wannacry it shows an application demanding a £300-£600 payment for all files to be restored. Although the attack infected over 200,000 computors, Wannacry only gained around $72,000 revenue . Considering the scale of the attack this revenue is not a huge amount of money. The threat actors also cannot access this money, if they want their identity to remain anonymous so theoretically no money was made from the ransomware attack, money has only been lost.
Wannacry was not targeted at the NHS, it just found a massive flaw in their security. Wannacry had a massive global impact that affected massive companies such as FedEx, Telefonica as well as other services, such as the transport sector . In total Wannacry infected around 200,000 computors in as many as 150 countries . The attack disrupted 34% of the NHS trusts in England, which is 80 out of the 236 trusts in England. 34 of these trusts were directly infected with the ransomware and could not access any files, whilst 46 were indirectly affected , indirectly affected trusts were trusts that were aiming not to acquire the malware, so they turned computors and systems off. This in turn impacted patients, which is the focus of the NHS. There was an estimated 19,494 patients that were affected by the attack. The impacted patients had cancelled appointments due to logistic capabilities, or that equipment that ran Windows XP was not working. They also had appointments re-scheduled to new times or if treatment was necessary, some patients had to travell to un-affected hospitals/CCG’s in order for that treatment.
It has been reported that no NHS organistation paid the ransom due to the advice of senior figures in the government/security sector. However with Wannacry encrypting patients data and locking out any access to computors, there was widespread panic amongst hospitals. With employees working long hard hours to relieve the pressure/impact Wannacry caused. It took as long as 4 weeks after initial infection for all traces of Wannacry to be removed off of the NHS’s systems.
There are many ways that the NHS could have helped ‘prevent’ the attack. The Wannacry attack was born from the NSA, after it had been released they informed Microsoft about the flaw in their system. This gave Microsoft a chance to to recify the vulnrebility. The patch was released Mrch 14 for all supported versions of Windows. However because the NHS had so many systems running Windows XP which is not supported they were unable to download this patch. Although the big problem for the NHS was the unsupported version of Windows, Windows XP, the NHS also had systems that ran supported versions of Windows but were not patched. As the patch available was aimed at removing the vulnrebility, downloading this patch would have been crucial to preventing the drastic impact of the attack. A key prevention mechanism for future would be to update all systems to supported versions of Windows if possible, and regually patch. This can highly reduce the risk of exploits flowing through the NHS’s systems.
To prevent the attack from being downloaded onto a computor a key cheap way to help prevent attacks that do not propogate or even stop the malware from Wannacry developing onto the computor a key prevention method would be education. Training in what phishing e-mails and what looks dodgy could have been key to preventing the severity of the attack. It is believed that these phishing e-mails were aimed at the financial sector within the NHS as the emails were about invoices. Education and training is mandatory in the NHS however training can always be improved.
The NHS did not dompletely fail in terms of data security as all data was backed up. The reason the NHS did not need to pay any ransom was because all of their data was backed up. It is one of the best data defences for any attack but it can leave the back ups and all data there vulnerable.
Technical prevention methods include boundary defences. These would be defences such as inspecting e-mails for potential malware. This email security software can block e-mails if they meet certain criteria. These criteria include blocking e-mails if they come from : dodgy sources, if they have certain hash keys, contain certain files that could be interpreted as malware, certain websites that look like they could lead to malware being downloaded and spam e-mails. Another form of boundary defence is the same as e-mail security but for URL’s, when alaysing URL’s, the reputation of the URL is taken into consideration. If a URL has known viruses or malware linked to it then the URL will be blocked or re-directed. The time of DNS will also be looked at (the time the website was registerred), if the website was registerred recently then it will be blocked. There is another line of defence for URL’s, which are black and white lists, These are known URL’s which cause viruses or are liked to malware. They can also have catagrory based access ; this blocks all websites that are not in the catagories stated by the user, any website not in a catagroy will be blocked as they have potential to be dangerous.
If malware does get onto a computor there are sandboxes. A sandbox is an isolated environment that runs the program/file to check if it performs any tasks that could harm the computor or is dangerous. This is quite easy to get around as most coders just put a delay on their malware or include code that knows whether it is in an isolated environment, so that the program does not execute anything or waits a certain amount of time before it executes so it seems there is nothing wrong with the program.
Browse our vast selection of original essay samples, each expertly formatted and styled