NHS cyber attack: Doctor who predicted hack says scale makes him 'worry about who is behind it'

Exclusive: Dr Krishna Chinthapalli says experts must now race to decrypt the ransomware and identify the 'root cause' of the attacks

Click to follow
The Independent Online

A doctor who predicted a cyber attack on the NHS in an article published just two days ago has said he had “no idea it would be on this kind of scale”.

Dr Krishna Chinthapalli, a neurology registrar at a London hospital, told The Independent the enormous scale of the attack made him “worry about who is behind it”, adding that experts must now race to decrypt the malware and identify the “root cause” of the attacks.

Dozens of hospital trusts across the country have been plunged into chaos this evening with scheduled appointments cancelled and emergency patients diverted following a huge cyber attack. 

The NHS was just one of the victims of the hack, with computers elsewhere in Europe and in Asia taken over, too. 

The neurologist said the hackers appeared to be using ransomware, a specific type of malware which locks the owner out of their computer until they pay to get back in - but he said he was worried the attack could be something even more sinister.

“It looks like hackers are demanding ransom payments, so it might just be a group of hackers with financial motives," he said. "But of course everyone is worried about cyber security and cyber terrorism on a larger scale these days, so who knows…"

Dr Chinthapalli, who had his article, 'The hackers holding hospitals to ransom', published in the British Medical Journal (BMJ) on Wednesday, described NHS organisations as the “ideal victims” of cyber attacks, and said dozens of smaller hacks had happened in the past. 

"This has been going on for at least a couple of years now, where hackers are targeting hospitals," he said.

“From a Freedom of Information request we know that over one third of NHS trusts have admitted to being hacked - but [in the past it seems to have been] individual organisations [targeted].”

He said hospitals affected by today's attack - which is on an unprecedented scale - might choose to pay the hackers to release their computers, as had happened in the past.

“In my article I mention that one hospital came out publicly last year and said that they had paid a ransom to the hackers… it may be that others decide to do that," he said.

Otherwise, IT security companies will need to be employed to decrypt the ransomware, he said, adding that he believed the government was already involved in handling the hack, as well as the wider NHS.

"Decryption has to be the key," he said. "And it’s time sensitive - so the longer the hospital computer is locked down, the longer it means you don’t have access to patient information.”

Hospitals are "ideal" targets for hackers, he said, because it is so imperative that doctors have access to patients records at all times. 

"Hospitals need access to those records day in day out," he said. "If you lock systems we can’t access blood tests or scans or clinical information, so what drugs patients are taking - what medications - what the dosage is, what they’re allergic to, all of that for example. That severely hampers what I can do - so today I saw patients and with virtually all of them I was accessing a computer during the conversation."

Targeting hospitals could prove very lucrative for hackers he said, with medical records selling for ten times more than credit card information on the black market. 

There are several things unaffected hospitals can do immediately to ensure their safety, he said - firstly they need to warn users not to click on suspicious links or open suspicious emails, and instead to report and delete them. IT departments need to install anti-virus firewalls. And, most importantly, hospitals should frequently back up patient data. 

"Papworth hospital [in Cambridgeshire] was attacked and the head of IT there said they were lucky because they had backed up the data just a few minutes before," he said. "Now they back up their data every hour and they store it on older technology, magnetic tapes, and that has the advantage that it cannot be manipulated by the internet."  

He said the purpose of his BMJ article was to raise awareness of the NHS' vulnerability and encourage hospitals to take steps to prevent an attack. 

"Unfortunately it’s too late for that now," he said. "But hopefully unaffected NHS organisations can still learn from this and take immediate action."

Comments