It’s been a year since the WannaCry ransomware attack knocked the UK’s National Health Service (NHS) offline, and subsequently infected more than 300,000 devices across 150 nations.
Yet research shows that organizations are still struggling to protect our private information, particularly the healthcare industry. The NHS can attest that the harm done by a ransomware attack goes beyond financial damage. With surgeries canceled, appointments postponed and ambulances diverted, the damage the NHS faced could have been life-threatening for its patients.
With all the advancements the healthcare industry has seen over the past 5 years, you would think that protecting these devices would be of the utmost importance. The increased use of Internet of Things-enabled trackers make life easier for patients and doctors alike, and unfortunately, makes life even easier for hackers with more entry points to exploit.
With budgets stretched, hardware outdated, and unstable software, the industry is neglecting to follow basic security best practices. However, it’s not just the healthcare industry who fell victim to the devastating WannaCry attack.
WannaCry was successful due in part to its self-replicating nature, but organizations became victims of the rather unsophisticated attack due to their lack of basic IT security. NNT recommends adopting our method of Security through System Integrity to protect your IT environment. Security through System Integrity starts by ensuring the essential CIS Controls are in place, establishing a solid security foundation.
Once these controls are in place, NNT leverages Intelligent Change Control to track and analyze changes to your systems’ integrity using self-learning whitelisting technology and threat intelligence. We then use dynamic baselining to ensure your systems are aligned to the most up to date, secure, and compliant state possible based on checked, approved, and authorized changes.
Hackers used the NSA’s EternalBlue exploit to execute the ransomware attack on May 12, 2017, but Microsoft patched the vulnerability on March 14, 201, meaning the NHS neglected to patch their systems for at least over two months. Vulnerabilities are being published regularly, so stay up to dated and be proactive or your organization could be next. The dangers of running outdated pose an even bigger risk in a corporate IT environment, as you are posing a risk to the entire network. This was why the WannaCry ransomware was able to 'worm' around the NHS network, infecting any other vulnerable systems.
Preventing a breach is easier than recovering from one, both from a financial standpoint and a productivity standpoint. Business must adopt an approach that limits their exposure and vulnerabilities in terms of network security, make sure all systems are up to date, and follows the principle of least privilege.