NHS Hospitals across England have been hit by a large-scale cyber attack today. They appear to have been simultaneously hit by a bug in the IT systems, forcing many hospitals to divert emergency patients. NHS England and NHS Digital have given statements.

We have spoken to some UK tech security industry insiders to find out some answers: on the kind of online defence we need to take to stop something like this happening again, why and how it may have happened in the first place, and whether we should be prepared for more of the same in future.

Lee Munson, security researcher, Comparitech.com

"Early reports of a large-scale cyber attack against UK hospitals appear to be somewhat misleading, with the implication being that there has been a data breach or huge DDoS attack.

'There is either an issue with the security around the entire NHS network and/or the IT department has been extremely tardy'

"The truth, however, appears to be that many devices have been infected with ransomware - which explains why NHS users are being asked to pay to regain control over their machines and the data on them.

"How this has spread throughout several trusts is not yet clear but it would seem to suggest either that many doctors and other hospital staff have been targeted in quick succession, or that an extremely convincing email containing a malicious payload has been shared far and wide.

"In any event, the incident highlights many issues. Firstly, there is the lack of security training and awareness that has likely led to several people opening emails and/or attachments from unknown senders.

"Secondly, there must be questions as to why this attack has been so damaging in such a short period of time. My thoughts are that there is either an issue with the security around the entire NHS network and/or the IT department has been extremely tardy in taking and restoring backups of essential data." www.comparitech.com

© PA Photos

Jamie Moles, Principal Security Consultant at Lastline

"While security remains a low priority for NHS management, they will increasingly fall victim to these kinds of attacks, which will cause serious problems as it results in the cancellation of treatments while the affected systems are investigated and cleaned up. The National Health Service is one of the largest organisations in the United Kingdom. With an annual budget in the region of £116 billion, it is a massive target for cyber attacks and currently, it’s a poorly defended target.

"There are a number of trusts in deficit and spending on the NHS has dropped in real terms since the recession. Priorities for all NHS trusts are unsurprisingly targeted at medical needs over and above admin and operational needs, but of course this includes IT Security.

Interestingly, the NHS takes a very strict and sanitary approach to dealing with these attacks, shutting down almost all of its IT capabilities while it triages and treats the problem. Why would we expect any different from a medical organisation? Moving forward if we are to prevent these attacks causing delays to treatment and potentially deaths, NHS trusts are going to have to invest in technology to deal with cyber threats. There are plenty of good technologies available to assist in this issue and they can be scaled effectively and cost efficiently to cope with massive organisations like the NHS." www.lastline.com

Paul Calatayud, CTO at Firemon

"The recent NHS hospital attack is an indicator for a new evolution of malware that will focus on critical systems such as airlines and hospitals where paying ransoms may be the only way to resume business operations in some case life or death.

"It’s also a good time to highlight that attacks such as ransomware are only effective if the information residing within their encryption is valuable. To avoid this, the best approach is to prevent these types of malware from being able to grab hold of your systems by deploying intelligent defenses such as a next-gen firewall or next-gen antivirus.

"While the NHS no doubt has taken these and other precautions, the complexity of their security environments may be leaving gaps where attacker can find a way in. Therefore, managing all those security technologies becomes vitally important.

"Another tip is to have a backup plan to ensure the data on these systems is always backed up. If it is, and you are hit with such an attack, you can simply restore and be back up and run in no time. Some backups solutions are better than others, so ensure it’s near-real time for these to be viable options." www.firemon.com

© PA Photos

Javvad Malik, security advocate at AlienVault

“It’s early and details are limited to fully assess what the situation is. However, it appears as if ransomware may have infected NHS hospital systems.

“The attack seems to show that there is no segregation between front-end, back-end, and critical NHS systems. While it is not always possible to defend against all attacks, having critical systems segmented, to prevent being impacted by such a breach could have allowed core capabilities to remain online.

“By having security designed into system architecture, it can make services harder to compromise, or reduce the impact of a compromise.” www.alienvault.com

For more, read NHS cyberattack: hospitals and GPs across the UK hit by hack and Wanna Decryptor: what is the ransomware behind the NHS attack?