On Wednesday, RES, a digital workspace provider, revealed the results of their recent research: in the last 18 months, as many as 34% of UK NHS providers have sustained a ransomware attack.
Ransomware is a type of malware that encrypts your hard drive. In order to get your data back, you must pay a ransom in digital currency, which cyber-criminals prefer due to its untraceable nature. In recent times, ransomware has become quite a prevalent data security threat, and not only have average users become targets, but increasingly schools, businesses, and hospitals as well.
Every National Health Service (NHS) provider in the UK was questioned to find out how many of them have sustained a ransomware attack. A total of 260 trusts responded, while 18 of them decided not to do so on the basis of their data rules. It turns out that 87 out of 260 sustained a ransomware attack, and Scottish NHS trusts were the most frequent targets.
There is no information regarding how many of them decided to pay the ransoms, but luckily, a lot of them were able to use backups to restore their data.
In any case, ransomware campaigns frequently target NHS trusts, since many hospitals would rather pay a ransom than disrupt their medical services. In order to avoid becoming the next victim, Jason Allaway, VP of UK and Ireland at RES, recommends the following countermeasures:
– Read-only access.
– Comprehensive blacklisting and whitelisting.
– Context-aware access controls.