NHS Lanarkshire Infected with Malware — Again
The NHS Lanarkshire hospital, located in Scotland, was the victim of yet another ransomware attack. The malware variant that infected the system is reported to be different from the WannaCry ransomware that infiltrated the system in May. The attack took down the facility’s email systems and left staff unable to access appointments. As a result, the medical facility rerouted patients to other hospitals while remediation efforts took place. Jane Burns, acute division medical director, told Reuters:
“I would ask that patients do not attend our hospitals unless it is essential. Emergency care will still be provided for those who do require to be seen.”
Medical Facilities Are Becoming Top Targets
Cyber criminals have begun targeting medical facilities for two major reasons. First, most medical facilities use outdated operating systems and software. Patching software in a medical facility can be complicated because of the number of endpoints and the way different devices are intertwined with one another. When updates are done, it takes a significant amount of time to ensure the update will execute without causing further complications. This is not a reason to skip updates, simply an explanation of why they take time. It is during this window that malware creators can infiltrate the system.
Second, hospital records hold a plethora of data. This includes patient names, social security numbers, addresses, birth dates, phone numbers, email addresses, insurance information, and payment information. Once cyber criminals have their hands on this data, they can do a variety of things, including:
- Sell the data to other hackers
- Steal the patient’s identity
- Call the patient claiming to be from the insurance company and demand additional “payments”
- Use the email address for phishing scams
- Use the phone number for tech support scams
And these are just the ones we know about. Certainly, there are additional ways on the dark web to make a quick buck from this data.
What to Do Now…
As patients, we trust our medical facilities to keep our data secure. Unfortunately, that may not always occur. When you leave your personal data with a medical facility, or any business for that matter, you’re giving up the control you have over keeping that information safe. This means you need to be hypervigilant when it comes to the following:
- Checking your credit/debit card statements
- Checking your emails: watch out for malicious scams that may look like legitimate invoices or statements from reputable businesses.
- Being aware of tech support scams. Neither Microsoft nor any other company will call you out of the blue and say your computer needs to be “fixed”. This is a scam.
- Following up on your credit report. When your identity is stolen, lines of credit are often opened in your name without your knowledge. The best way to catch this is by pulling your credit report.