When the WannaCry ransomware attack spread globally last year, it infected 61 NHS organisations, but the cyber attack has had a far greater lasting impact. In fact, other NHS organisations that weren’t directly affected, such as Milton Keynes University Hospital NHS Trust, have now taken steps to ensure that in the future, if a similar attack was to happen again, they would be better prepared to cope – whether that’s stopping the attack altogether or mitigating its effects.
Craig York, associate director of IT at Milton Keynes University Hospital NHS Foundation Trust (MKUH), explains that on the weekend the attack took place, his team – like many others within the NHS – was busy checking all of the IT systems and what the potential impact and implications of WannaCry could be for their organisation.
“I spent the entire weekend going through every entire system we had. Once we identified what the patches we needed were, thanks in part to Microsoft who were extremely impressive and came to us directly, spending the time on Friday to contact everyone to let them know what the remediation was,” York states.
Although WannaCry shook up the whole of the NHS, York sees the event as a positive in the long-term.
“It was an experience, and it was good to collaborate with other NHS colleagues, and it made everyone think about cyber security very seriously,” he says.
York had in actual fact already sent in a business case for cyber security at the trust several months early, meaning that WannaCry was a good case study to spur on a discussion with executives and get buy-in for cyber security investment.
At the same time, MKUH was named as a global digital exemplar fast follower, so as well as investment from the trust, there was a pot of funding from NHS England and from other trusts which gave it the chance to look at cyber security products it could procure.
West Suffolk NHS Foundation Trust, MKUH’s GDE partner, had already completed a thorough search of the market, and opted for Darktrace’s Enterprise Immune System. As West Suffolk was a similar size to MKUH and also had the same EPR vendor, York and his team took a particular interest into the software.
“We saw a great set up at West Suffolk, with everything that’s happening at the minute and it was very impressive – with Darktrace as part of an overall toolkit of technologies. Darktrace enabled them to see vulnerabilities and risks,” York explains
Despite the interest, MKUH tendered a number of other vendors on cyber security and also looked at expanding out some of the existing technologies it had.
“We use Sophos for anti-virus and Cisco for our network firewalls, and we looked at expanding some of those out, while we were also having discussions with Darktrace,” he says.
Darktrace offered the trust a proof-of-concept, involving bringing in one of the appliances that the trust would have to buy and connecting it to MKUH’s network, feeding in all of the information necessary and allowing it to learn about the organisation’s operations.
“Darktrace came back four times and sat down with me and my team and went through some of the events they captured in the previous week, and that was the gamechanger – we could see the kinds of things that were going on in the network,” he says.
In one example, the team could see that a member of staff had downloaded an extraordinary amount of data from the server, and uploaded it to an external cloud vendor outside of the NHS premises network. The software enabled his team to see what staff member it was, and which PC they were using.
“This was unusual activity for our network and for that member of staff so it makes you question what’s happening and what kind of data it is,” he says.
In actual fact, it was a member of the trust’s comms team taking a number of policy documents and uploading them to a new corporate website.
But York says it could have been something much more serious – and the trust didn’t have the ability to spot it before.
While this is clearly a step in the right direction, York is already looking at using more advanced features in the years to come.
“We want to push out more of the autonomous response system so that even if someone from our team isn’t at the hospital at the time, and if Darktrace thinks there is a threat, we can give it the ability to take action, so it would be defending our network for us,” he says. “AI really excites me.”