NHS Scotland fights cyberattacks every day, Health Secretary Shona Robison has told MSPs, as she confirmed that 20 patients in one health board had operations rescheduled following Friday’s global ransomware attack.
Police Scotland and the National Crime Agency are investigating the attack, which hit 13 Scottish health boards including acute hospital sites in Lanarkshire, GP surgeries and dental practices, as well as the Scottish Ambulance Service.
In a statement at Holyrood, Robison praised NHS workers for their speedy response, saying no patient data had been compromised and there had been no impact on patient safety.
She said less than one per cent of devices were affected and systems were “back working normally by and large”, but she confirmed that NHS Borders and NHS Lanarkshire were worst hit, with 20 patients in the latter area having routine operations rescheduled.
“Although this attack was unprecedented in its scope, with hundreds of organisations affected across the globe, it was not an isolated incident,” said Robison. “In fact NHS Scotland, along with other organisations, face similar attacks every day, most of which are thwarted by the controls and protections that are in place.”
She urged the public sector to be “vigilant” and keep systems up-to-date and fully protected, adding: “There will be a number of lessons arising from these ransomware attacks that we must learn from. Reviews are already under way to capture what can be improved to ensure that we reduce the chances of a similar attack happening in the future.”
An action plan to help the public sector defend against cyberattacks, including preventative guidelines for all organisations, is being accelerated following an urgently convened key cyber-resilience meeting.
The National Cyber Resilience Leaders’ Board (NCRLB) was chaired by Justice Secretary Michael Matheson, while Robison gave her update to Parliament.
Matheson discussed the impact of the attack on Scotland, the multi-agency response and the steps that can be taken to boost cyber resilience across all sectors. He also committed to take forward the public-sector action plan, which includes developing guidelines and standards for all Scottish public-sector bodies to achieve by 2018 and an awareness strategy for public-sector organisations.
He said: “What is evident from this week’s events is that this was a global attack on an unprecedented scale and, whilst we are now seeing systems returning to normal, we cannot be complacent.
“We need to be clear that combatting threats of this nature isn’t something government can achieve alone. Cyber security is everyone’s business and we need to ensure that all organisations have appropriate safeguards in place.”
Hugh Aitken, chief executive of CBI Scotland and chair of the NCRLB, said: “The Scottish Government had the vision to put this board in place to design and execute a protection plan for Scotland, covering both public and private sector. We aim to have our proposals on taking forward this action plan in front of ministers for their approval by June.”
Meanwhile, security experts are examining a potential link between the computer code behind Friday’s attack and that of earlier ones, which could suggest North Korea was responsible.
More than 300,000 computers in 150 countries were infected with the WannaCry ransomware virus.
Marcus Hutchins, a young British computer expert, was hailed a hero for helping to shut down the crippling virus after discovering a so-called “kill switch” that slowed its effects.
Experts are studying similarities between the code used in the WannaCry attack and malware distributed by Lazarus, a hacking group behind attacks on Sony Pictures in 2014 that were blamed on North Korea.
The potential link was highlighted by a researcher from Google who posted a message on Twitter showing a sample of the WannaCry malware that appeared online in February.
Researchers from cyber security company Kaspersky Lab identified clear code similarities between WannaCry and attacks by Lazarus in 2015. The company said: “The similarity of course could be a false flag operation. However, the analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday.”
Researchers at US software company Symantec and South Korean antivirus software company Hauri have also noted the similarities.
The National Security Agency (NSA) was accused by Microsoft of “stockpiling” information about software flaws for its own operational benefit, rather than working with companies to fix them.
The stockpile was later leaked online, allowing hackers to infiltrate secure systems.
Microsoft’s senior legal voice Brad Smith said it was equivalent to “the US military having some of its Tomahawk missiles stolen”.