NHS Dumfries and Galloway has just published a statement acknowledging that criminals have started leaking some of its patient data online, following a cyber attack on the health board. The INC ransomware operation is now threatening to leak more data via their dark web leak site. In response to the news, William Wright, CEO of Closed Door Security, and Mike Newman, CEO of My1Login, offer comments.
William Wright, CEO of Closed Door Security, comments: “It’s been almost two weeks since the attack on NHS Dumfries and Galloway was announced, and the attackers are clearly frustrated that they haven’t received a pay out yet.
“But this is unlikely to be a surprise to them.
“The UK government has been very public in its commitment to not pay ransomware actors, and it’s highly unlikely they are going to back down on this.
“Ransomware attackers are aware of this pledge, but they still keep targeting public services and charities, like the Big Issue and Dumfries and Galloway.
“They know they won’t receive a pay out from these organisations, but they continue to attack them. This could suggest the motivation for the attacks are purely to cause damage to the UK, rather than to make money.
“This will be a worrying time for patients of NHS Dumfries and Galloway, knowing that their data has been compromised by criminals. These individuals must be vigilant to scams targeting them via emails. Any correspondence requesting personal or financial information should be verified with the sender before it is actioned.
“We don’t know how the criminals gained access to NHS Dumfries and Galloway, but the incident does act a reminder that all organisations are targets for criminals. They don’t always go after the biggest organisations; small and relatively unknown organisations are just as lucrative, and they often don’t benefit from big security budgets to keep determined attackers out of their networks.
“When it comes to defences, organisations must focus on a layered strategy, which includes running proactive security assessments to find and close exploitable bugs, training employees on attack techniques, and having the ability to segment the network, so even when unauthorised intruders do break in, they can’t travel.”
Mike Newman, CEO of My1Login, adds: “Despite INC being a relatively new ransomware operation, the gang has already targeted multiple healthcare organisations. Research has also shown that INC often uses phishing and social engineering as a gateway to target organisations, so there is a high chance this was the vector used to target Dumfries and Galloway.
“If this is the case, it once again highlights the importance of protecting against this attack vector.
“Organisations can achieve this using modern identity management solutions. These solutions can automate the removal of passwords from the hands of employees for all applications and systems. This means employees never see, know, or manage passwords, which makes it impossible for them to accidentally give away their credentials to phishers. This eliminates password phishing risks and provides organisations with significant improvements to their cyber defences.”
For more cybersecurity news, click here
