Trust reveals cyber security team prevented phishing attack
Cyber attackers were stopped in their tracks as they tried, once again, to target the NHS.
North Bristol NHS Trust has revealed that, in February, its cyber security team was able to fend off a ‘phishing’-style attack targeting 800 staff email accounts.
Cyber attacks are a very-real threat to the NHS and we continue to work hard to prevent them in order to protect trust and patient information
Phishing attacks are designed to steal log-in and password details so the culprits can take control of emails and online accounts.
According to the trust, which runs Southmead Hospital, the hackers were prevented from carrying out the attack.
Neil Darvill, the trust’s executive director of informatics, said: “Our dedicated cyber security team recently prevented a phishing attack that threatened staff email accounts.
“Cyber attacks are a very-real threat to the NHS and we continue to work hard to prevent attacks in order to protect trust and patient information.”
Only last May, the WannaCry cyber attack infected machines at 81 health trusts – nearly a third of the 236 NHS trusts in England – plus computers at almost 600 GP surgeries.
It forced the cancellation of appointments and caused widespread disruption to services.
The sheer number of phishing attacks that are being launched highlights the extent to which this continues to be a favoured tactic for cyber criminals targeting the healthcare sector, and they’ll continue to adapt their techniques to find ways to work around cyber defences
As a result, the Government announced major investment in NHS systems to better protect them against future attacks.
Following the Bristol trust’s revelation, Stephen Burke, founder and chief executive of Cyber Risk Aware, told BBH: “This highlights the continued need for cyber awareness and vigilance from NHS staff.
“Hackers are great at exploiting human nature, and using phishing is a hugely-popular tactic to gain entry to a network.
“Once they can get through defence and onto user’s machine they may use sophisticated methods to stealthily move laterally across a network stealing data or credentials.
“The sheer number of phishing attacks that are being launched highlights the extent to which this continues to be a favoured tactic for cyber criminals targeting the healthcare sector, and they’ll continue to adapt their techniques to find ways to work around cyber defences in the healthcare sector.
“But the initial access point can be very straightforward and one that is highly successful; which is why healthcare institutions, in particular, need to encourage staff to help in spotting phishing emails and understanding hacking methods.”