by Amanda Steward @ Pushfor | 16th May 2017 10:37 am
If the NHS admits a patient suspected of carrying a highly contagious virus, the patient is immediately fitted with a mask and put into quarantine. The patient is not wheeled around from ward to ward to infect as many other patients, visitors and hospital workers in their path as quickly as possible. Instead the virus is immediately deprived of the environment that is enabling it to spread quickly and efficiently.
If the same triage process had been applied to the “WannaCry Virus”, would this have stopped the rapid spread through the NHS, which impacted 1/5th of all NHS Trusts? Part of the issue lies with the NHS continuing to operate legacy Windows environments in a large majority of Trusts, including the classic Internet Explorer 7, which in the words of Microsoft is no longer suitable for enterprises to deal with current cyber security threats. The NHS is a complex organisation operating many legacy technologies, so the program of upgrading legacy systems is part of their long-term digital strategy, but at the same time the legacy systems need continual support.
When you combine the ongoing threat of the “virus” with the “double whammy” of GDPR, it is not a good time right now for the IT teams within the NHS.
It is more than likely that the “WannaCry Virus” found its way into the NHS by being attached to an email thread, although this has not been formally confirmed. This is very easy within the NHS, as one computer may be shared by a mixture of permanent and temporary staff, making policing of email attachments at a user level a very cumbersome task. This is further complicated by NHS staff often using personal devices to take patient images, make patient notes or even take copies of patient notes, as it is easier than accessing the system. Therefore, the NHS email systems will constantly be receiving attachments from internal sources, patients and staff personal devices. Enforcing any sort of security policy becomes incredibly difficult, and the GDPR issues this creates are not even worth discussing in this blog.
Even though email attachments are not the sole method by which viruses like this spread, once a virus has entered a network it can easily inject malicious code into actual documents or images. Sending email attachments is common practice within any organisation, and therefore organisations need to truly address the issue of behavioural change; we need to adopt for IT the procedures that we already have in place in everyday life.
So, as well as the wake-up call from Microsoft, Pushfor believes the secondary wake-up call should be that, to limit the speed at which malware spreads, organisations STOP sending content in the first place. And yes, you can share content without sending it, through a PUSH – a new patented technique that effectively projects an image of the content, avoiding anyone coming into contact with the malware. This would allow all NHS staff to access and share content whenever and wherever they need to without the risk of coming into contact with and/or passing on the infection.
Content drives businesses, and if ransomware attacks the actual content then the damage can be catastrophic. In this latest ransomware attack, data is encrypted and potentially lost, as opposed to being exposed to malicious third parties. If a similar attack took place that exposed data after May 2018, when GDPR is in effect, then on top of the chaos and disruption we have seen since Friday there would also be potentially business-crippling fines by the regulators.
Email and content are typically subject to the biggest security risks that organizations face. Wake up and don’t send content: PUSH IT. PUSHDONTSEND.
Source URL: https://www.gdpr.associates/pushfor-rapid-spread-wannacry-virus/