The NHS could be hit with a wave of cyberattacks as hackers seek to take advantage of the impact of the spread of coronavirus, experts have warned.
Hospitals could face a fresh wave of so-called ransomware attacks which lock files in return for a ransom payment, similar to the WannaCry attack which crippled the NHS in 2017.
“Anything to do with healthcare may become a target,” warned Alan Woodward, a cybersecurity professor at the University of Surrey, “because the criminals know there’s no messing around, [health services] can’t be offline for weeks. They need to be running at peak efficiency.”
Last week, a hospital in the Czech Republic involved in processing coronavirus tests was hit with a cyberattack which forced it to suspend future operations.
The US government’s Department of Health and Human Services also suffered a cyberattack on Sunday evening which was reportedly designed to slow down the American response to a growing number of coronavirus cases in the country.
Andy Riley, an executive director at Nuspire which provides cyber security for health companies, warns that it is “the perfect time to hold an organisation that is already overtaxed with patient flow and uncertainty to ransom because they are going to pay the £32,000 rather than worry about it.”
However, Professor Woodward says the NHS’s 2017 experience with the WannaCry malware which locked files and caused the cancellation of 19,000 appointments, helped it to prepare for the future.
“The NHS is probably better prepared than most. It put a really big focus on exactly that problem,” he said, “consequently NHS IT, they absolutely do not want to end up there again.”
Since then, the NHS has seen a regular stream of attempted cyberattacks which it has managed to resist, said Tim Mackey, principal security strategist at Synopsys.
“Every single NHS trust is almost under daily attack from a variety of sources whether it is targeted or not,” he said.
On Tuesday, the National Cyber Security Centre published advice to businesses which warned of an increased cybersecurity threat from people working from home using their personal devices.