Effective cybersecurity is fundamental to patient safety
BMJ 2017; 357 doi: https://doi.org/10.1136/bmj.j2375 (Published 17 May 2017) Cite this as: BMJ 2017;357:j2375
- Guy Martin, clinical research fellow1,
- James Kinross, senior clinical lecturer11,
- Chris Hankin, director2
- 1Department of Surgery and Cancer, Imperial College London, London, UK
- 2Institute for Security Science and Technology, Imperial College London,
- Correspondence to: C Hankin c.hankin{at}imperial.ac.uk
The global WannaCry ransomware attack has had a disproportionate effect on the UK healthcare sector, highlighting the poor state of cybersecurity in the NHS and the failure to recognise it as a fundamental matter for patient safety.
WannaCry is trojan malware designed to extort money by holding files to ransom. It exploits a known vulnerability in the Windows operating system that was initially identified and patched by Microsoft in March 2017, with a further patch released after the event.12 The attack is widely reported to have used system exploits released by the hacker group the Shadow Brokers but originating from the US National Security Agency. Once a computer is infected the malware creates encrypted copies of files before deleting the originals; the only way to retrieve affected data is to pay the bitcoin ransom. Computer systems across more than 150 countries have been infected, and only the fortuitous intervention …
Log in
Log in using your username and password
Log in through your institution
Subscribe from £173 *
Subscribe and get access to all BMJ articles, and much more.
* For online subscription
Access this article for 1 day for:
£38 / $45 / €42 (excludes VAT)
You can download a PDF version for your personal record.