News
Commentary from Semperis on Wirral Hospital cyber incident
November 2024 by Daniel Lattimer, Vice President, Semperis
After the cyber incident facing Wirral University Teaching Hospital,the commentary from Dan Lattimer, Semperis, AVP, EMEA West.
The cyberattack on Wirral University Teaching Hospital is a despicable and shallow effort by money hungry criminals to extort money and put the lives of patients at risk. I am encouraged to see that Wirral’s security team has activated its business continuity processes as it works to restore itself to full operating capacity and hopefully disruptions across the NHS Trust can be limited. Undoubtedly, patient care is their biggest priority and while delays are inevitable, healthcare organisations have been in the crosshairs of ransomware gangs for years. I am confident their staff has adopted a more hands on approach to patient care including filling in charts in a traditional way with paper and pen, if electronic devices and emergency room equipment is offline.
Ransomware attacks are calculated and intentional because hackers know hospitals are more likely to pay a ransom in the manner U.S. based Change Healthcare did after it was attacked in February. In fact, Semperis found that nearly 70 percent of global healthcare organisations have paid multiple ransoms in 2024.
Today, it’s imperative for hospitals to conduct day-to-day operations assuming breaches will occur. Overall, ransomware attacks cause disruptions and cast doubt, cut into profits, and in some cases can be a matter of life and death. Preparing now for inevitable disruptions will dramatically improve hospitals’ operational resiliency and better prepare them to turn away adversaries, leading the threat actors to softer targets downstream.
Today, there’s no silver bullet that will solve the cybersecurity challenges facing hospitals. First, identify the critical services that are “single points of failure” for the business. Second, have a plan for “what to do if.” And keep in mind that in 90 percent of ransomware attacks, the hackers will compromise the organisation’s identity system, most often Active Directory, which stores the crown jewels of the business. In the case of hospitals, it is patient data and other forms of proprietary information. So have a plan to increase the operational resiliency of Active Directory and back it up so that if a cyberattack occurs it can be restored quickly.
