The WannaCry Cyber attack in May 2017 severely disrupted the NHS, as well as many businesses across the world. We know that 595 GP surgeries were infected with the virus that targeted older Windows operating systems and encrypted, or locked, data and demanded a ransom to release it.
In reality, the true impact on healthcare organisations is still not known. However, more than a third of England’s NHS Trusts report being affected.
Biggest Cyber attack on NHS (so far)
WannaCry is not the first ransomware attack, and it certainly won’t be the last. However it is the biggest the NHS at least has ever seen. And it could have been prevented in many cases by completing Microsoft updates and installing recommended software patches.
Cyber attacks are increasingly targeting smaller businesses and healthcare organisations, taking advantage of vulnerabilities in security that larger corporations have fixed.
Medical data is highly valuable, even more so than bank details, so it is no wonder that doctors and other medical practices are so heavily targeted.
It is thought that the impact on small businesses for a Cyber incident is around £115,000, with that set to increase after May 2018 when the General Data Protection Regulation (GDPR) comes into force. With that in mind, it is important for medical and dental practices to be prepared.
Types of Cyber attacks
Cyber attacks come in many forms and are often unsophisticated and opportunistic. Here are some of the most common ones that businesses face.
- Phishing emails exploit human error by tricking someone into opening or clicking on a link that contains a virus.
- Social engineering relies on contacting people and tricking them into sharing personal or proprietary information. This could include spoofing the email address of someone you know so an email with a request for information appears to be genuine.
- Hacking is a direct attack on IT or security systems through vulnerabilities.
While unsophisticated, the criminals are becoming better at making their emails and phone calls seem genuine, which makes protecting your practice an even harder task.
The damage of a Cyber attack is far reaching. The most serious concerns are:
- Loss of customer data or other important files.
- Fines, ransoms and other monetary losses to fix the security problem.
- Business disruption, and therefore, loss of business through being inactive or uncontactable for a period of time.
- Loss of reputation if customers lose trust in your ability to keep their information safe.
Protecting your medical practice
The key to protecting your practice from hackers and other instrumented attacks is investing in Cyber security.
This means installing or upgrading the best IT systems, applying recommended updates and patches on computers, having a security policy and staff training as a minimum. Also read our guidance on protecting yourself from email fraud for some hints and tips on what to look out for in a scam email.
You should also consider Cyber Liability insurance, because although this won’t directly prevent an attack, you will be given guidance on protecting your practice, and also have an additional layer of protection in the event of an incident.
Find out more about our Cyber Liability insurance and what it covers if you are victim of a Cyber attack. Contact one of the All Med Pro team to speak about your specific requirements.