Wirral hospital cyberattack highlights ransomware risks
The ongoing cyberattack on Wirral University Teaching Hospital has raised concerns about the vulnerability of healthcare systems to ransomware.
Dan Lattimer, AVP for EMEA West at Semperis, criticised the attackers, stating, "The cyberattack on Wirral University Teaching Hospital is a despicable and shallow effort by money hungry criminals to extort money and put the lives of patients at risk."
Lattimer highlighted the importance of the hospital's quick response, noting, "I am encouraged to see that Wirral's security team has activated its business continuity processes as it works to restore itself to full operating capacity and hopefully disruptions across the NHS Trust can be limited." He added, "Undoubtedly, patient care is their biggest priority and while delays are inevitable, healthcare organisations have been in the crosshairs of ransomware gangs for years."
He expressed confidence in the hospital staff's ability to maintain patient care during system outages, saying, "I am confident their staff has adopted a more hands on approach to patient care including filling in charts in a traditional way with paper and pen, if electronic devices and emergency room equipment is offline."
Lattimer noted the recurring nature of these attacks, explaining, "Ransomware attacks are calculated and intentional because hackers know hospitals are more likely to pay a ransom in the manner U.S. based Change Healthcare did after it was attacked in February."
He referenced findings from Semperis, stating, "In fact, Semperis found that nearly 70 percent of global healthcare organisations have paid multiple ransoms in 2024."
Lattimer urged healthcare facilities to prepare for potential breaches, advising, "Today, it's imperative for hospitals to conduct day-to-day operations assuming breaches will occur."
"Ransomware attacks cause disruptions and cast doubt, cut into profits, and in some cases can be a matter of life and death."
He suggested that preparation is essential to improve resilience, stating, "Preparing now for inevitable disruptions will dramatically improve hospitals' operational resiliency and better prepare them to turn away adversaries, leading the threat actors to softer targets downstream."
Lattimer also highlighted the necessity for a proactive approach, "Today, there's no silver bullet that will solve the cybersecurity challenges facing hospitals. First, identify the critical services that are 'single points of failure' for the business. Second, have a plan for 'what to do if.'"
He pointed out the vulnerability of identity systems during such attacks, saying, "Keep in mind that in 90 percent of ransomware attacks, the hackers will compromise the organisation's identity system, most often Active Directory, which stores the crown jewels of the business. In the case of hospitals, it is patient data and other forms of proprietary information."
To mitigate this risk, Lattimer recommended, "So have a plan to increase the operational resiliency of Active Directory and back it up so that if a cyberattack occurs it can be restored quickly."