News of the latest cyber attack on the NHS has just made the headlines. This is rather concerning news, but there is no evidence of patient data being compromised (as the attached article states). It appears that at least 25 NHS organisations have been affected by this ransomware attack and cannot access patient data.
What is ransomware?
Ransomware is a type of malware that restricts access to systems in some way, often by encrypting files and then demanding a ransom to obtain access.
Is it advisable to pay such a demand?
This can be a difficult decision as the amount of money demanded by the criminals are usually of relatively low value. If you do pay the ransom in an attempt to recover your data, you should keep in mind that this does not guarantee that your data will be recovered and the fraudsters may well target you again. Payment of funds also supports criminal activity and creates a market for criminals to operate within.
The UK’s National Crime Agency advises businesses not to pay these type of demands. They state on their website: “The NCA would never endorse the payment of a ransom to criminals and there is no guarantee that they would honour the payments in any event."
Cyber attacks are happening more often and it can have a crippling effect on small businesses. This fact was highlighted by a report produced by the Federation of Small Businesses (FSB) at the end of 2016. The report can be found here.
In light of the increasing number of cyber attacks and the importance of securing data in a small business, the FSB has taken the initiative and introduced a new free cyber helpline for its members. The cyber security helpline is provided by cyber experts NCC Group through LHS Solicitors on behalf of the FSB.
Law for the online generation starts here.
NHS services across England have been hit by IT failure, caused by a large-scale cyber-attack. Trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected. Some GP surgeries have had to shut down phone and IT systems while A&Es have told people not to attend unless it is a real emergency. NHS Digital said in a statement that it did not have evidence that patient data had been accessed. It added that the ransomware attack was not "specifically targeted at the NHS" and was affecting other organisations from a range of sectors.