Unraveling Cyber Threats: A Deep Dive into the WannaCry Attack on the NHS

Introduction

Cyber attack is an attack from one or more computers against another computer or networks. The issue of cyber attack is increasing day by day, where the organisations face difficulties to protect the personalise database and maintain data security in the organisational context. In this study, the case report on WannaCry virus hits the National Health Service (NHS), 2017 will be analysed, where it is possible to evaluate the cyber attack activities for which the security issue of the personalise database of the NHS arose (Brown, 2018). The study also provides a scope to discuss the cyber attack in NHS for which the representative of the organisation face difficulties to manage data security, where the personal data has been hacked through a virus in the computerised system.

Data theft and the case study analysis

Cyber attack is the practice of using cyberspace for the purpose of disrupting, disabling, and destroying and mismanage of the computer system for data hacking and fulfilling the other purpose of the hackers. It further destroys the integrity and there is data loss for which the organisational computerised system cannot be handled efficiently. The data hacking and using personalise information for some negative purpose is a crime, where the organisations face problem to manage the ethics and legal compliance of the business successfully. In this regard, as per the case study of WannaCry virus hits the NHS, 2017, the hackers are efficient to gain access to the NHS computerised system in mid 2017 which cause chaos among the UK medical system. NHS is a famous health and social care organisation and it is efficient to provide quality treatment and efficient services to the people, where all the individuals living in the UK can access the quality treatment and care at affordable price (Hansen and Nissenbaum, 2009).

The cyber security in the organisation is necessary for protecting the service users where it is the responsibility of the service providers to manage safety and security of the personalise information of the service users. In this regard, UK has experienced one of the most crippling cyber attacks in the year of 2017, where NHS faced difficulties to handle their customer’s data and personal information. The WannaCry virus infiltrated the NHS computer system which results data theft in the system. It breaks down the whole system where the medical professionals and social workers fail to collaborate with each other and it becomes difficult to manage the patients in the NHS. It affects the British citizens, where their personal data has been hacked as well as the organisational personal financial data and information has also been hacked. This is one of the biggest incidents in the UK where hacking and the cyber attack break down the whole system of NHS (Elsom, 2017).

The hackers manage to gain the access to the NHS’s computer system in mid 2017 which cause chaos in the medical system of the UK, the citizens are affected negatively as the health and social care professionals fail to manage the patients and t becomes difficult for them to manage the computerised system as they are all offline and could not access the online portal and data management devices. The same hacking tool was also used to attack worldwide freight company FedEx and it further affects infected computers across 150 countries. Ransomware named "WannaCry" was delivered via email as an attachment to the computerised system of the NHS and it has been spread over other computers though the Wi-Fi system and the hackers become successful to hack the data and necessary information of the organisation. Once clicked in the attachment, the virus has been spread through their LAN service and computers and locking up the files. NHS has been down more than a numbers of days due to such hack, where the medical supervisor and health care management team fail to manage the database and cloud computing and it affects the patient management and customer’s services in the organisation (Elsom, 2017).

Due to such cyber attack in the NHS, there are legal issues such as breach of contract law suit, negligence lawsuit and regulatory enforcement which raises issues to manage the safety and security of the patient’s data as well as safety of the organisation as the organisational personal data, financial statement has also been hacked through the virus. There are other legal issue related to the cyber attack case in NHS, which are data gathering problems, accessing costs and security liabilities, and lack of privacy. The organisation NHS fails to manage privacy in the organisation, where the patient’s data and organisational financial information has been hacked by the hackers. There are also ethical issues, arose from the cyber attack in the NHS, and the ethical issues are such as lack of integrity and objectivity, poor professional competence and lack of management of transparency and confidentiality. The professional behaviour was also violated where the organisation fails to manage the data security and confidentiality of the information in the organisation (Herbert, 2019). On the other hand, there are some professional issues, which are lack of honesty, lack of integrity, poor respect and professionalism. As well as there are lack of transparency and accountability which further hamper confidentiality in the organisation.

The organisation NHS faces difficulties and it is hard for the organisation to manage the workplace and maintain the patients across the country.teh cyber attack breaks down the smooth pace of the organisational activities and it affects the data management system negatively. It further hampers the data management and the organisation fails to provide fair treatment and care service to the patients (Malecki, 2019). The organisation is also suffering to manage the financial data and cloud computing and it hampers the safety and security of the patients. Lack of trust and loyalty in the organisation further hampers the smooth operational activities, where the stakeholders, engaged with NHS fail to collaborate and communicate to perform better (Cavelty and Balzacq, 2016). The breakdown of the data base system hampers the organisational performance as a whole which raise professional issues as well as legal compliances for which the health care professionals and service workers fail to deliver high quality medical services to the patients across the country. Hereby, it is necessary or the organisation NHS, to take corrective actions to protect their data base and recover the old database in order to stabilise the whole management system so that the organisation is able manage their patients and deliver fair treatment and equal opportunities to the patients to access the quality care of NHS.

Utilising GDPR for tackling the issue of cyber attack

NHS reported the case and Information Commissioner’s Office (ICO) took corrective actions to stabilise the whole system and in this regard the ICO provided immediate guidance to the organisation. In-depth investigation has been done by ICO to tale regulatory action against the hackers and it is also possible for ICO to take active measures to protect the day and manage the breach (Cavelty, 2007). Reported data breach is invested properly in order to identify the data security, where the National Cyber Security Centre (NCSC) and other law enforcement or cybercrime agencies, and other regulatory agencies are collaborative to take corrective actions. Addressing the data security, the principle of General Data Protection Regulation (GDPR) is also imposed where appropriate technical and organisational measures are useful to protect the data (Barsan, 2017). Through imposing General Data Protection Regulation Act 2018, it is possible for the agencies to manage confidentiality and integrity and it further helps to protect the data and manage the database of the organisation.

ICO also imposed fine on the company to penalise the system where the ICO could issue up to 4% of global annual turnover penalty on the company due to breach of contract of data protection and integrity (Gilbert, 2017). Hereby, there are proper protection and the agencies to manage the incident of cyber attack and it would be possible for the organisation to protect personalise the data and stabilise the system in long run. There are certain measure through which the organisation NHS can protect their database and prevent further cyber attack which are providing training to the employees to manage their database, hiring IT experts in NHS, installing and downloading software updates, developing suitable operating system and applications, making backup copies for important business data and information, using firewall for internet connections, regularly change passwords, limiting the access of the employees for data, securing the Wi-Fi network in the organisational workplace (Lockaby, 2018).

Conclusion

Cyber attack is a major crime in the recent era of digitalisation, where the incident in NHS hampers the business negatively. The database of the organisation has been hacked and it breaks down the whole organisational activities, where the medical professionals fail to manage the patients across the country and it also become difficult to manage their financial data. It is hereby necessary to take corrective actions and protect the data under GDPR so that it would be possible to prevent further cyber attack.

Reference List

Barsan, I.M., 2017. Legal challenges of initial coin offerings (ICO). Revue Trimestrielle de Droit Financier (RTDF), (3), pp.54-65.

Brown, T., 2018. Are miserly budgets putting businesses at risk of cyber-attack?. Computer Fraud & Security, 2018(8), pp.9-11.

Cavelty, M.D. and Balzacq, T., 2016. Routledge handbook of security studies. London: Routledge.

Cavelty, M.D., 2007. Cyber-security and threat politics: US efforts to secure the information age. London: Routledge.

Gilbert, S., 2017. Can a cyber insurance policy keep businesses ahead of information-security risk?. Journal of Data Protection & Privacy, 1(3), pp.321-328.

Hansen, L. and Nissenbaum, H., 2009. Digital disaster, cyber security, and the Copenhagen School. International studies quarterly, 53(4), pp.1155-1175.

Herbert, S., 2019. Preventing software from opening doors to the network. Network Security, 2019(4), pp.13-15.

Lockaby, C.D., 2018. The SEC Rides into Town: Defining an ICO Securities Safe Harbor in the Cryptocurrency Wild West. Ga. L. Rev., 53, p.335.

Malecki, F., 2019. Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), pp.8-10.