Camellia Chan of cybersecurity firm X-Phy said that while ‘relatively little’ damage was done, it could have been ‘an awful lot worse’.
The UK’s National Health Service (NHS) suffered disruptions in recent days as it was revealed that a software outage was caused by a cyberattack.
It was first detected on Thursday (4 August) by Advanced, the software firm providing digital services to emergency line NHS 111. The cyberattack targeted systems that facilitate patient referrals, ambulance bookings, out-of-hours appointments and emergency prescriptions, according to BBC News.
The company’s chief operating officer, Simon Short, told BBC News the loss of service was related to a cyberattack and had been contained to “a small number of servers”. At the time, Advanced did not expect the issue to be fully resolved until this week.
“We can confirm that the incident is related to a cyberattack and, as a precaution, we immediately isolated all our health and care environments,” Short said.
An NHS spokesperson said that while disruption was “minimal”, it was monitoring the situation “closely” and asked people to call 999 in cases of emergency.
“There is currently minimal disruption, and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible – tried and tested contingency plans are in place for local areas who use this service.”
Camellia Chan, CEO and founder of AI cybersecurity firm X-Phy, said that while “relatively little” damage was done, it could have been “an awful lot worse”.
“In a more sophisticated attack, patient data could be exposed, and lives could even be at risk if critical equipment and information hang in the balance. Targeting healthcare organisations is becoming increasingly common, in part due to outdated equipment and underfunded IT departments, making them vulnerable,” she said.
“A good cybersecurity posture isn’t a one-and-done tick-box exercise, but an ongoing proactive, intelligent and self-learning process.”
In 2017, NHS services were significantly impacted after a large-scale ransomware attack.
The Irish national health service was also subjected to a cyberattack in May 2021. More than 80pc of IT infrastructure was affected and there were severe impacts on health services after IT systems were infiltrated using Conti ransomware.
“Despite the efforts of the NHS, the volume of activity targeting public healthcare organisations, combined with demands and constraints on resources, means that the cyber risk is still very high,” said Jason Hart, CTO for EMEA at cybersecurity firm Rapid7.
“Building resilience must be a focus, whether that’s to fend off nation-state attacks or the more common profit-motivated cyberattacks.”