The National Health System (NHS) of Scotland fell victim to a cyberattack, purportedly orchestrated by INC Ransom. The message about the NHS Scotland cyberattack was posted by the threat actor and forewarned the release of 3 terabytes of sensitive data.
With approximately 140,000 staff spread across 14 territorial NHS Boards, seven Special NHS Boards, and a public health body, the potential ramifications of this cyberattack on NHS Scotland are deeply unsettling.
Decoding the Alleged NHS Scotland Cyberattack
The Cyber Express promptly reached out to the organization for clarification and insight into the NHS Scotland cyberattack. In a conversation with TCE, the Scottish government confirmed the intrusion, stating “We are aware of some data published on the web that is linked to the recent cyber-attack on NHS Dumfries and Galloway. This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole.”
Coinciding with this cyberattack on the National Health System, INC Ransom also claimed responsibility for an alleged cyberattack on Barrie and Community Family Health Team. Moreover, this assault on NHS Scotland follows a disconcerting trend of cyber intrusions targeting healthcare organizations within the same timeframe.
Adding to the apprehension, NHS Dumfries and Galloway, a vital component of Scotland’s healthcare infrastructure, announced being under attack by a “focused and ongoing cyber attack.”
The Scottish Government is working with the health board, Police Scotland and other agencies including the National Crime Agency and National Cyber Security Centre to assess the level of this breach and the possible implications for individuals concerned. The Scottish Government is continuing to provide support to NHS Dumfries and Galloway as they deal with this ongoing situation. This remains an on-going police investigation”, said a spokesperson for the Scottish government.
Although specifics regarding the nature of the breach remain undisclosed, the health board warned of potential disruptions to services as a consequence of the situation. Moreover, there are concerns that patient data stored within its systems may have been compromised.
The NHS Dumfries and Galloway Cyberattack
In response to these threats, NHS Dumfries and Galloway has initiated collaborative efforts with law enforcement, including Police Scotland, as well as cyber security authorities such as the National Cyber Security Centre, and the Scottish government, to ascertain the full extent of the breach and mitigate its impact.
This recent spate of cyberattacks bears close resemblance to past incidents, notably the widespread intrusion in 2020 that targeted more than 60 trusts within the United Kingdom’s National Health Service (NHS), extending its reach to over 200,000 computer systems across 150 countries, including Canada.
The infamous “WannaCry” ransomware attacked the NHS in 2020, disrupting operations, compromising patient records, and necessitating the cancellation of appointments and surgeries in numerous NHS facilities.
Despite assertions by UK Health Secretary Jeremy Hunt that there hasn’t been a subsequent wave of attacks, the vulnerabilities exposed by such incidents remain a cause for concern. Critics have pointed fingers at the NHS, highlighting gaps in technology investment and outdated systems that rendered it susceptible to attacks like WannaCry.
Although the NHS wasn’t singled out as a primary target for WannaCry, its reliance on obsolete Windows operating systems, some over 15 years old and no longer supported by Microsoft, left it susceptible to exploitation.
The WannaCry Ransomware Spree
The modus operandi of ransomware attacks, like WannaCry, often involves exploiting vulnerabilities in outdated systems, coupled with social engineering tactics to dupe unsuspecting users into inadvertently downloading malicious software.
The WannaCry ransomware attack of May 12, 2017, hit over 200,000 computers globally, leveraging an unpatched vulnerability to spread rapidly. Victims included major organizations like FedEx and the UK’s NHS.
A “kill switch” was discovered, temporarily halting the attack, but many systems remained encrypted until ransom was paid or encryption was reversed.
The attack used the EternalBlue exploit leaked by the Shadow Brokers, attributed to North Korea but disputed by some. Although the original version is defunct, variants still exploit EternalBlue, emphasizing the importance of updating systems.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
