LulzSec has outed the British paper-pushing institution and queue-inspired themepark the NHS for its poor security measures.
The group, which has got under the skin of both Sony and Nintendo, said to the NHS that it isn’t considered an enemy – but it managed to grab some admin passwords anyway. Typically, instead of stepping back from bureaucracy for a minute, the Department of Health swiftly denied it was a problem.
“No national NHS information systems have been affected,” the DoH told the BBC. “The Department has issued guidance to the local NHS about how to protect and secure all their information assets.”
The problem is, LulzSec operates on what could be described as “hacktivism”. Like that other group in the public’s eye, Anonymous, it doesn’t seem to be a centrally organised force – rather, a collective of hackers who are steeled by a similar agenda. In this instance, whether the NHS breach was significant or minimal, it should consider itself lucky.
Around the world, it’s no real secret that cyber offensive teams are being trained and cultivated. That’s not scaremongering but fact – India publicly boasted about its teams in statements to the press.
Attacks on infrastructure and utilities are imminent at the least, according to some security professionals familiar with government. “There’s already been attacks and threats to hospital infrastructure and financial institutions, while there’s been numerous security warnings of cyber attacks from China on utilities and infrastructure,” an expert familiar on the matter told TechEye.
Liam Fox, Defence Secretary, recently came out of the woodwork to admit that the MoD had faced attacks from China.
Whether on a geopolitical level or from local hacking groups, security is something the DoH and the NHS must take very, very seriously. It is “an incredibly important consideration,” according to an Ovum analyst who interviewed hospital CIOs across the board. At the same time, it seems it is something the UK is just beginning to come to terms with.