The WannaCry ransomware and how it (doesn’t) affect us

There’s been a great deal in the news over the past few days about the already infamous “WannaCry” (AKA “WannaCrypt”, “WanaCrypt0r”, “Wanna Decryptor” etc.) malware that’s spread like wildfire across the world, most notably infecting numerous NHS trusts. You may not already know that Isosec was built from a security background, we have cybersecurity expertise spanning 50 years. With this in mind we thought we’d let you know just what on earth is going on, how it might affect you, and how it, thankfully, doesn’t affect Isosec (despite the similarities in the name of other companies involved!).

What is it?

First and foremost we go onto the question that’s on most people’s minds; just what exactly is this thing? Well, “WannaCrypt” is a type of malware (malicious software) known as “ransomware”, which is software that will encrypt all of your most important files and folders, and then quite literally hold them ransom, asking you to make a payment in order to decrypt them for use (which more often than not is the worst possible thing you can do).

Now that the technical jargon is out of the way, a practical example. You receive an email with an attachment, you open this attachment and it runs a program on your computer, this program locks away all of your files with a password you don’t know, and then demands a sum of money in return for that password. Sound bad? It is! Ransomware has been around for many years in various forms, but what’s getting worse is not so much the programs themselves, but the way in which they spread.

In the case of “WannaCry”, the evidence thus far suggests that it’s capable of spreading across the entirety of a local network with ease, infecting every other computer on the network that isn’t up to date enough to protect against the vulnerability. Now if the “not up to date” part of that spiked your interest, that’s for good reason…

Staying safe

Whilst the usual security principles come into play here – always run an active anti-virus and keep a malware scanner to hand, don’t open unknown attachments, stay away from unfamiliar websites etc. – there is one that rises above all others in terms of importance; keep your computer up to date. The vulnerability in Microsoft’s Windows product that allowed the “WannaCry” attack to take place was fixed back in March of this year, meaning that the average computer was already safe by the time the attack began. But if you don’t regularly update – and don’t have automatic updates switched on – then you were, and possibly still are, at risk.

How this (doesn’t) affect Isosec

Due to the nature of Ransomware, attacks such as these are unlikely to affect us as a company. Our internal security policies keep us out of harms reach, and the fact we ship software rather than hardware means we’re not in the crosshairs of these sorts of attacks. But that doesn’t mean we can wash our hands of any responsibility, instead, it’s important to look at how we can help you to prevent these problems from happening.

Let’s use MIA Maternity as an example. MIA Maternity is completely offline-capable, and while that’s important for midwives who use our software in areas of limited or no connectivity, it’s even more important when a large scale cyber attack such as this one occurs.

This is because even though the Trust owned servers that hold the all important patient data might be compromised, the mobile devices remain functional, with a recent copy of all the patient data required to work. Midwives can continue to work without issue, and patient care isn’t compromised. Better yet, there’s no need to revert to older paper-based backups, midwives can continue to enter data into MIA Maternity, and it will be sent back to the server once the issue has been resolved by the Trust.

 

Here at Isosec we take security very seriously. It’s baked into how we make software, and is something on the minds of everyone here constantly.

Digital Health Summit 2015: A Review

Yesterday saw hundreds of enthusiastic forward-thinkers from all sorts of NHS backgrounds descend on Salford for the Digital Health Summit 2015. If you follow Isosec on Twitter you will know that we had a brilliant day networking and enjoying the buzz of impending transformation! We’d like to extend a huge thank you to Salford One CPD for hosting and putting the day together, and we’ve taken it upon ourselves to try and summarise the day’s events for anyone who may have been virtually following from further afield.

So Isosec arrived around 8.15am having been in the night before to prepare and set up and the delegates were already starting to appear, much coffee was drunk! There was a little time for some introductions and chats before Shahid Ali, GP & Professor of Digital Health at Salford University opened the day with some encouraging comments on the future of the NHS. Shahid was followed by a short discussion from Mike Farrar (former chief exec. for NHS Confederation), Mark Davies from main sponsors MedeAnalytics and Professor Simon Jones (Chief Data Scientist at MedeAnalytics and Professor at NY University). The three of them combined offered a range of angles about linked data across health and social care and succinctly demonstrated how all levels through the NHS will benefit from the views of the clinicians, the senior manager and the epidemiologist. They were followed by another perspective offered by Adam Crevald from Nottinghamshire County Council who gave a case study on how linked data and care systems can work within large-scale organisations as well of some of the benefits.

Isosec at the digital health summit

After yet more coffee (as if we weren’t all excited enough) our personal highlight of the day came from Lord Victor Adebowale who managed to combine a personal and agenda-less perspective with very knowledgeable and informed content from his experience in varying areas of health and social care (Chief Exec for Turning Point and Non-Exec Director for NHS England); not to mention a very professional but highly honest and engaging delivery from which everyone could take something away from. Lord Adebowale was advocating how now is the time for leadership in Digital Healthcare, and wherever it may come from,

‘We need to use the power of the NHS brand to lead the way for technology in healthcare.’

– (Lord Victor Adebowale, Digital Health Summit 2015).

It is very important for everyone in the UK to continue being proud of the NHS, despite it’s hardships, and we agree with Lord Victor that the technology is most certainly out there, it is now time to ride the digital wave and break through. Once everyone is on board and solutions are implemented, only then can we begin to standardise. We must not wait for rules and regulations to come first- they will follow once we know what works, whatever those solutions may be.

Isosec know from working with Imperial College London on our MIA Maternity solution that it only took one forward-thinking lady in a position of leadership to break the mould and come to us for a solution, despite being unsuccessful in the tech fund bid, despite spanning a multitude of disciplines, despite needing to build a new, more efficient workflow- now they have implemented a solution that has been specifically tailored to their needs and are able to polish and refine the process. Those leaps of faith are possible and do pay off! Imperial are rolling out their solution to 105 midwives.

As you can probably tell, we found the Digital Health Summit 2015 very inspiring; it was great to have so many people all in one room who are passionate about the future of the digital NHS. The afternoon consisted of eating, and networking, and some more eating, and networking. Followed by seminars from several companies on various topics around digital technology in healthcare. There were talks in the afternoon from David Haslam (Chair for NI for Health Care Excellence) as well as some of the other exhibitors from the day. Isosec were thrilled to deliver their community healthcare seminar, and would like to extend a huge thanks to everyone who came along and took part, we finished around 16.30pm.

It was great to find an event like this just minutes away from out central Manchester based office in a place of great change for the NHS and the very hub of DevoManc, it felt like a very special place to be for the future of health and social care digital technology.

Isosec at the Digital Health Summit 2015

If you’d like any more quotes or updates from the day itself please follow us on twitter: @isosec.