The global cyber-attack that hit the NHS in Scotland and England over the weekend was reportedly the largest in NHS history. As GPs and dentists logged on to their computers following the weekend, many found that they too had been targeted, resulting in a partial or complete shutdown of their practice until the issue can be resolved.

Naturally, many practices (as well as businesses beyond the healthcare sector) that haven't been targeted are still concerned about what they can do to limit their exposure to a potential hack. Below is a list of practical steps that you can (and should) take to protect your practice as much as possible in these crucial next few days.

  • Back up important data. The single most important thing you can do to mitigate the risks that ransomware poses to your practice is to back up all data on a regular (ideally daily) basis. You can't be held to ransom for data which you hold somewhere else!
     
  • Make sure your Windows updates are all fully installed and up-to-date. Microsoft released a security patch for Windows in March and has advised that businesses install this update immediately.
     
  • Ensure your anti-virus is up-to-date and run a scan. If you don't have anti-virus protection, install it now from one of the reputable vendors. Most will come with an initial free trial period.
     
  • Be careful what you click on. You should only click on emails that you are sure came from a trusted source.
     
  • Don't log into personal emails on your work machines. It's most likely that your office emails are routed through a strong anti-virus/spam filter, but it's unlikely that your personal emails will have this protection. 
     
  • Avoid accessing social media or forum websites from work computers. These websites are more prone than others to hosting malicious software. Whilst the main platforms themselves may be safe, they often contain links to less secure sites that can contain malware.
     
  • Do not click on links inside cookie banners. There have been reports of malicious software infecting machines through links contained in cookie banners that appear on most websites.
     
  • Speak to your staff. Ensure that all of your staff are made aware of the risks faced and of these simple practical steps. If necessary, update your internal procedures to restrict access to certain sites, even if only in the short term.

Finally, if you have had the misfortune of having your network infected, do not do anything without first seeking specialist help. To date, many who have paid the Bitcoin ransom have not received the necessary code to get their files back. Experts are therefore advising those affected not to pay the ransom.
