UK Ambulance Service

The UK Ambulance Service is the latest target of Russian hackers according to a recent report.

Like much of the NHS and other critical infrastructure service providers across the country, Russian FSB, SVR, and GRU spies along with criminal proxies have been engaged in a coordinated campaign to infiltrate and reconnoiter large parts of the UK’s critical infrastructure services. This includes the Civil Service, the Ministry of Defence, and many of their contractors.

One of the objects of these cyber-attacks has been key suppliers to the UK Ambulance Service. Here individuals working on the Ambulance Radio Program have been targeted from multiple directions by hackers in a credentials-harvesting campaign to potentially crash the entire communications system. This would leave ambulance command centres unable to communicate with drivers and the police or fire services or prevent them from receiving vital location information.

The incident is believed to form part of a new Russian cyber warfare campaign dubbed by UK intelligence sources “Cyber Wagner”, in reference to the hardline Russian mercenary group run by the late Yevgeny Prigozhin.

“This is the new front in Russia’s aggression against the West,” a western intelligence source monitoring the activity reported “We need to prepare Western states for more aggression and hybrid warfare from Moscow.”

This week, MI5 director Ken McCallum announced that Russia is on a “sustained mission” to create “mayhem” across Britain and Europe. The UK's "leading role" in supporting Ukraine means "we loom large in the fevered imagination of Putin's regime" and further acts of aggression on UK soil should be expected, he warned.

This would not be the first time that critical UK systems have been besieged by cyber adversaries. Russian GRU agents have carried out "arson, sabotage and more dangerous actions conducted with increasing recklessness" since the UK backed Ukraine in its war with Russia, he added.

The revelations come just months after hackers behind a catastrophic NHS cyber-attack in the summer were identified to be part of a wider cyber army working under the Kremlin’s protection trying to destabilise the UK.

In June, healthcare services were disrupted across London after a major cyber-attack targeted Synnovis, a pathology testing organisation, severely affecting services. This led to the cancellation of 8,349 acute outpatient appointments and 1,608 elective procedures across much of South London at King’s College Hospital, and Guy’s and St Thomas’ NHS Foundation Trusts and their associated hospitals and clinics.

Qilin, which was held responsible for the assault, is merely one arm of the wider web of hacking affiliates, using servers based in Russia to carry out attacks on UK critical infrastructure. The hackers said the incident was in response to “unspecified wars”. The attack on the NHS was a “major escalation” of the Kremlin’s use of cyber warfare through use of criminal proxies.

As tensions continue to escalate, these attacks become less about opportunity for criminal profits and more about the desire to inflict damage to the critical infrastructure of another country. The fact that the Kremlin appears to be enlisting the support of criminal groups is not exactly a surprising development for many. It is widely acknowledged, that for many years, the Russian State has been providing safe harbour to Russian organised crime syndicate members accused of crimes in other countries by refusing arrest or extradition requests. So long as perpetrators direct their criminal business to organisations outside of the Russian Federation, they are allowed to operate with near impunity.

Although no definitive connection has been proven between the Russian State, criminal gangs, or the Russian Mafia, a close working arrangement has been evident for quite some time according to cybersecurity experts. Despite this, certain state and non-state actors within Russia appear to be intent, if not on the cusp of, launching a cyberwar with the UK, Europe and North America.

Read More

Mitigating NHS Cyber Risks

The UK National Health System is about to start connecting many of its medical devices to the healthcare network as part of its latest efficiency drive, but what does this mean for the cybersecurity of medical networks and to patient safety? Richard Staynings, examines medical devices, their expected lifespan, risks and support by manufacturers and explores what solutions are available to providers like the NHS to reduce cybersecurity risks.

 

 

Open the PDF in a separate page or view the full copy of Health Business Magazine and browse to Richard's article on pages 82 to 83.

Read More

New Zealand Healthcare - Just Keeping its Head Above Water!

New Zealand Healthcare - Just keeping its head above water.  Photo: Hamish Clark.

Securing the delivery of healthcare services in New Zealand faces many of the same challenges as in other mixed public / private health systems. Chronic under-funding of the public health system by government austerity measures is putting pressure on a system already overloaded. Net immigration to New Zealand is combining with a rapidly aging population that is living longer, and contributing to increased patient numbers and demand for services. Hospital administrators have been forced to make tough decisions to prioritize what little resources are available to only the most critical of patients. The result is that many elective surgeries especially for the elderly are in decline and little funding remains to secure and defend hospitals from cyber attack.

As a result of the crisis in the public health system and waitlists approaching a year for patients requiring surgery, those who can afford it, are switching to private healthcare delivery and health insurance. The overall percentage of healthcare services delivered via the New Zealand public system has consequently dropped to roughly 75%. A growth in private care is picking up the rest.

Could New Zealand's Health System come crashing down?  Photo: Lindsey Costa.

New Zealand spends roughly a third of the per-capita expenditure on health compared with the United States. Despite this, healthcare in the country is comprehensive yet quite inefficient, and heavily reliant upon legacy models of care, including more expensive hospital treatment. A fragmented and decentralized system of twenty District Health Boards results in repetition and duplication with wasted spending on "unique solutions to common problems", disparate "stovepipe systems", and "widely different care paths for common conditions" according to a report by Deloitte.

A lack of national uniform IT and security strategy combines with moribund health IT computer systems across DHBs, and manual labour-intensive work practices by doctors and nurses to compound inefficiencies.

The reality is that much of the national health budget appears to be squandered on administrative overhead. In fact, according to the Deloitte study, "some OECD researchers have estimated that well over 2% of New Zealand’s GDP is wasted on administrative inefficiencies."

With budget deficits and almost no money to spend on security, an increasing number of people are concerned that the whole system could come crashing down. Cyber attacks on hospitals and primary care facilities in other countries have massively damaged already fragile health systems. Attacks have caused further delays to patients awaiting treatment and life sustaining operations. If nothing changes, then the same fate may befall New Zealand one day soon.

"Its not a matter of IF but WHEN a major cyber-attack will cause massive disruption to the country’s health sector" claims Scott Arrol, Chief Executive of NZ HealthIT (NZHIT).

But the security problem is not just one of sufficient funding, its also a one of prioritization and implementation of recommendations. The British National Health Service has many similarities to the New Zealand health model and is also chronically starved of resources. Out of date and out of support computer systems, combine with fragmented NHS Trusts to result in security vulnerabilities left unremediated, leaving much of the system open to attack when WannaCry struck in May last year.

According to the UK National Audit Office (NAO) more than a third of trusts in England were disrupted by the WannaCry ransomware, and at least 6,900 NHS appointments were cancelled as a result of the attack, 139 of which were considered urgent. NHS England data shows that at least 80 out of 236 trusts were affected – with 34 infected and locked out of devices. A further 603 primary care and other NHS organisations were infected by WannaCry, including 8 per cent of GP practices (595 out of 7,454).  No information has been published on the larger impact of the NHS outage including reduced patient outcomes or increased mortality, but one can only surmise that despite the best efforts of care givers, some patients were significantly impacted by the NHS's lack of security preparations.

The attack breached NHS Digital via open SMB holes in NHS firewalls and then spread quickly through thousands of unpatched Windows machines. Most infected systems ran Windows 7, but some 18% of systems were still running the no-longer supported Windows XP operating system, which went End of Life in April 2014, some 3 years earlier!

Securing healthcare delivery is not something that can be left on the side lines till next year, to a new budget, or a new administration. The potential impact on the population of a major cyber attack is too great. With the British NHS debacle as a recent example of what can happen if security is ignored, the New Zealand Ministry of Health needs to act now - before its too late!

New Zealand Healthcare steams forward with minimal security.  Photo: Stephen Crowley.

Read More