NHS cyberattack could be a health and safety nightmare
When news broke that NHS hospitals across the UK had fallen victim to ransomware, there was obvious shock and concern. At least 48 trusts were infected, taking computer systems offline and seriously disrupting the treatment of patients.
The full scale of the attack has yet to be revealed, but it is clear that key systems have been compromised by hackers.
Each of the affected hospitals has become infected with a special form of computer virus known as “ransomware”. These infections encrypt files and data, rendering them inaccessible. The only way to regain access is to pay a ransom to the hackers or to restore the damaged files from backup. Depending on how many files are affected, this could take many days.
Security analysts believe that the attack relies on the victim – in this case, the NHS – having outdated software or inefficient security provisions. It is believed that many of the infected computers at the NHS are still running Windows XP, for which Microsoft withdrew support some years ago.
The NHS has delayed upgrading and patching its systems for a number of reasons, not least the enormous cost involved in such a project. In addition to the cost of upgrade licenses, the trusts each need to test to ensure that clinical systems work properly.
What does it mean for you?
The NHS attack is a warning for all businesses. Insufficiently protected computers anywhere are vulnerable to similar attacks. Any construction firm experiencing a similar infection will find their operations severely disrupted – at potentially significant cost.
Worse still, the inability to access key information has placed patients’ lives at risk. Our reliance on computer systems means that health and safety have now become a digital issue too.
How would losing access to your risk assessments affect site safety? Or any health details you keep on your employees? You rely on these details to plan the measures that keep people safe – without them, your provisions will lack key details and be less safe as a result.
To avoid an NHS-like malware disaster, your business will need to seriously consider how it approaches IT security. Delaying upgrades and patches may help to contain costs in the short term, but could also spell disaster if you do fall victim to cyber criminals.
Don’t be caught out
Your business has a duty to do everything it can to protect employees and members of the public. If a computer systems breach means that you cannot fulfil that duty, you could find yourself in trouble with the HSE and the Information Commissioner’s Office (ICO).
To avoid an NHS-like disaster, you should conduct a risk assessment on your IT systems too – including a check on whether your software needs to be updated. You never know – you may just save someone’s life.
To learn more about risk assessments, please get in touch.