View all newsletters
Sign up to our newsletters

Support 110 years of independent journalism.

Advertorial feature by Sophos
  1. Spotlight on Policy
17 March 2021updated 08 Sep 2021 8:25am

Hackers are chasing quick bucks by attacking a Covid-stretched NHS

Rapid expansion and ageing infrastructure has left NHS trusts and hospitals vulnerable to cyber criminals.

By Jonathan Lee

As we pass the one-year anniversary of lockdown, it is important that we reflect, not only upon our own personal sacrifices but also on the valiant efforts made by NHS staff across the UK, who in the past 12 months have worked tirelessly in the face of the almost overwhelming pressure placed on our healthcare facilities by Covid-19. However, Covid-19 was not the only virus hospitals have needed to worry about during this ordeal.

Before the pandemic, hospitals were still considered lucrative targets by cyber criminal gangs trying to snatch sensitive data or encrypt vital systems in exchange for money. However, the arrival of Covid-19 made things much worse, with heinous cyber criminals leveraging the pressures of the pandemic to target already-stretched hospitals, thinking they would be the most likely victims to cough up. Not only does this create chaos for understaffed facilities, it could also lead to fatal consequences for any seriously ill patients needing urgent treatment. For example, 2020 saw the first potential death caused by ransomware after a German hospital was attacked, forcing an ambulance carrying an elderly patient to travel nearly 40 miles to the next nearest hospital, a trip the patient didn’t survive, unfortunately. 

Ransomware gangs are not new, so our hospitals should be well equipped to deal with them. The only issue is, some are not.

Although hospital IT teams are also working hard to keep their networks secure, the rapid digital transformation we have seen across some areas of the NHS, spurred on by the pandemic, has almost certainly left cracks in the wall, creating new vectors for cyber gangs to exploit. And despite promising to not target vital healthcare facilities during the pandemic, ransomware gangs were quick to break that promise in search of a fast buck. 

The main issue here is that many of our hospitals rely on antiquated technologies and inadequate defences to fend off ever-evolving cyber criminals who work around the clock. In addition, finding and training the team of experts to take on this fight requires investment, which many NHS trusts simply cannot afford.   

Every second counts during an attack, which is why organisations need to be focusing not only on having the technology in place, but also on having services that can provide support. MTR (managed threat response) services, such as Sophos MTR, means health organisations are becoming more proactive in the fight against cyber criminals. Sophos threat hunters are able to proactively take action on an organisation’s behalf to mitigate threats in real time, allowing trusts to be one step ahead.   

In addition, trusts should also be aware of the fail-safe option in case a breach does occur, as it is imperative that hackers are prevented from reaching their goal in as little time as possible. Sophos recently launched its Rapid Response service, which is a 24/7 team of remote incident response and threat analysts who could be neutralising active threats within hours. 

If we really want to ensure our healthcare system does not suffer the same fate it did during the WannaCry era, it is time for the NHS to get ahead and take a more proactive approach to cyber security. While the end of lockdown is in sight, the fight to keep patients safe is still ongoing, and that starts from the moment their data is registered, not when they hit the wards. 

Jonathan Lee is director of public sector relations at Sophos

Topics in this article : ,
Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team. The best way to sign up for The Green Transition is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.