NHS Implements New Security Measures Post-WannaCry

The UK’s National Health Service (NHS) has announced that it will implement new security measures in response to the WannaCry ransomware outbreak that devastated Windows networks around the world last May.

“Many people have felt the global impact of WannaCry - from late nights to a heightened sense of awareness, WannaCry has put many people on edge. Unfortunately, WannaCry will not be the last outbreak as assuredly as it wasn’t the first,” researchers from the Cylance Threat Guidance team wrote at the time of the attacks.

The NHS was one of the ransomware’s high-profile victims. At least 6,900 patient appointments with medical professionals were cancelled due to the effects of WannaCry.

A report from the National Audit Office indicates that the NHS was woefully unprepared for cyberattacks. A cybersecurity assessment conducted by NHS Digital prior to the WannaCry attack found that none of the 88 NHS trusts it examined passed existing IT security requirements.

Mistakes have value if lessons are learned from them. I have good news to report about what the NHS is up to now.

CareCERT SMS Alerts

When someone working for the NHS observes a cybersecurity concern or cyberattack, there’s now an easy way to warn NHS trusts throughout the UK. NHS Digital announced a successful pilot test of their CareCERT SMS alert system.

The system uses SMS text messages so that alerts can be disseminated even if email systems aren’t working properly, or if NHS workers can’t use their PCs due to a cyberattack. The alerts are sent through GOV.UK Notify, the free government alert service.

“During major security incidents, we can now send CareCERT alerts and updates by using short message service (SMS) alerts, following a successful pilot. Contacts in Acute, Ambulance and Mental Health Trusts, Clinical Commissioning Groups and Commissioning Support Units can receive the alerts through this additional channel,” the NHS explained in a press release.

“SMS will be used to issue an alert to highlight a high severity security incident, followed by another which signposts colleagues to NHS Digital's external website for the latest information from CareCERT's specialist team. CareCERT works closely with the National Cyber Security Centre (NCSC) during major incidents and analyses multiple intelligence sources to ensure that users are provided with expert guidance.”

Ethical Hackers and a SOC

The new alert system is not NHS Digital’s only new effort to improve security. The NHS has also budgeted about £20 million for a new security operations center (SOC), complete with penetration testers. The funds will be spent on:

  • On-site data assessments for NHS organizations, which include penetration testing by ethical hackers in order to find vulnerabilities
  • A monitoring service to analyze intelligence from multiple sources to share cybersecurity advice and to warn about possible cyber threats
  • Ongoing monitoring of NHS Digital’s networks and services
  • Security specialists to help NHS organizations that believe they may have been affected by an attack

“The Security Operations Centre will enhance NHS Digital's current data security services that support the health and care system in protecting sensitive patient information. The partnership will provide access to extra specialist resources during peak periods and enable the team to proactively monitor the web for security threats and emerging vulnerabilities,” remarked Dan Taylor, NHS Digital’s Head of the Digital Security Centre.

“By creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, the SOC will drive economies of scale, giving health and care organisations additional intelligence and support services that they might not otherwise be able to access.”

A Reason for Optimism

It’s highly probable that the NHS will be the target of more attacks in the future, both targeted and indiscriminate in nature. It is encouraging that in the wake of WannaCry, the NHS appears to be taking security operations very seriously. Thousands of Britons missed healthcare appointments due to WannaCry, and the potential implications of further disruptions in healthcare are immense.