NHS cyber attacks hit record levels in four in five trusts after Russian invasion

·4 min read
Boris Johnson visits President Zelensky in Kyiv in June. NHS cyber attacks have soared since his visit to the war-torn country in April - UKRAINIAN PRESIDENTIAL PRESS SERVICE
Boris Johnson visits President Zelensky in Kyiv in June. NHS cyber attacks have soared since his visit to the war-torn country in April - UKRAINIAN PRESIDENTIAL PRESS SERVICE

Four in five NHS trusts have faced record levels of cyber attacks following the Russian invasion of Ukraine, data show.

Suspicious activity such as phishing and connections to the dark web have soared in recent months, with the NHS 111 service being hit by a ransomware attack earlier this month.

Research from Armis, a company that provides software that prevents and monitors cyber attacks, shows that 80 per cent of NHS trusts have seen record levels of suspicious activity since April, when Boris Johnson flew to Kyiv to publicly support President Volodymyr Zelensky against Putin’s aggression.

“Healthcare has always been a prime target for cybercriminals, as well as providers of services to these Trusts that are so critical to societal well-being, and the NHS is particularly vulnerable” Andy Norton, the European cyber risk officer at Armis told The Telegraph.

Roughly a third of NHS trusts in England use Armis’s software, Mr Norton said, with some trusts seeing a three-fold increase in nefarious activity.

“Armis is a monitoring platform that a lot of trusts are using to demonstrate appropriate and proportionate security metrics with best practices,” he added.

'May or may not' be consequence of PM's Kyiv visit

“Part of the value of the platform is it alerts organisations when there are suspicious or malicious activities in the environment, and we started to see an uptick in the frequency of these in and around mid-April.

“Normally, what often happens in the cyber realm can be a consequence of something that happens in geopolitics, in the physical world.

“When we take into account the mid-April beginning of this activity, what we find is that coincidentally this was the secret Kyiv meeting that Boris Johnson travelled to.

“This trend which occurred within a week of him going there may or may not be a consequence of that, but certainly something happened in April that caused this general trend of suspicious activities to go beyond previous thresholds.”

He added that much of the activity is automated, but some is clearly done by human beings as there are peaks and troughs in line with the work week, with fewer hack attempts on a weekend.

Anonymous data seen by The Telegraph showed a varied pattern of cyber activity targeting numerous NHS trusts, with the trend spread geographically across the country.

“Targeting any health service erodes confidence in the Government, erodes confidence in the health service and becomes a political weapon that has a destabilising effect on the target,” Mr Norton said.

“How we now deal with this increased level of threat is a real measure for how effective and resilient the health service will be going forward.

“Trusts' abilities to protect themselves from these threats have remained the same since pre-April.

“What is clear from these figures is that NHS infrastructure is being targeted more heavily than ever before, so gaining visibility and understanding of all connected assets is vital to the health of these critical services."

Health sector facing 785 cyberattacks each week

The cybersecurity expert added that Armis will now focus their research efforts on Taiwan to see if the visit of Nancy Pelosi, which has stirred up US-China tensions, will be followed by an increase in cyberattacks on healthcare services.

Deryck Mitchelson, the field chief information security officer (CISO) at cybersecurity firm Check Point and former NHS Scotland CISO, is warning the UK’s healthcare sector that it is facing an average of 785 cyberattacks a week.

“Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients,” he said.

“As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyberattack.”

“Defending a broad infrastructure is not an easy job but the sector, including its suppliers, absolutely needs to be on critical alert for a major cyberattack.

“There are steps that can be taken now, whether that is engaging more with people on the ground or by implementing effective solutions to secure all endpoints and prevent even the most sophisticated threats.”