Introduction

Applying proper preventive measures against cyber attacks can provide substantial support in managing various operations. In the last couple of years, UK organisations have faced a large number of issues which affected the production of the organisation. Among the major types of cyber attack, the NHS faced a large number of issues in 2022 due to the higher rate of ransomware attacks. This report evaluates the background of the incident, along with a description of the attack and the losses suffered by the organisation. It also covers the vulnerabilities exposed and the process by which the attack manifested.

Background of the Incident

The NHS is one of the major healthcare organisations and manages overall health activities. Due to the Covid-19 scenario and various losses across the organisation, it faced a large number of issues that affected its overall operation. The UK was hit by a large number of ransomware attacks during the first week of August 2022 (The Guardian, 2022). The software supplier of the NHS faced serious cyber security issues which affected the operation of the organisation. Across the entity's computer systems, different types of phishing attacks through the media affected the outcome of the entire NHS system. Employees used VPN networks to access their internal computer systems.

Rogue actors deploy a piece of malware which encrypts computer systems, making it impossible to access their content. Demanding money in exchange for the decryption of the computers is the primary factor behind these attacks. Alongside the ransomware attacks themselves, the operation of websites for different types of stolen data created a large number of issues for business management.

Description of the Attack

Currently, most organisations face a large number of issues that affect their environment. Among the major types of cyber attack, ransomware is one of the best known and has affected many entire systems. The attack was carried out by criminals on the morning of 4th August and caused widespread outages across various operations (Adams, 2022). This targeted attack was carried out using advanced technologies. The company Advanced also provides software for various parts of the health service, so services including ambulance dispatch, patient referrals and out-of-hours appointment bookings were affected, which created a large number of issues for the health operations of the NHS. The impact arose because of the use of Advanced's systems, which directly or indirectly hit the systems of the organisation. The attack also affected Adastra, which helps 111 call handlers and helps doctors access patients' data and care notes. Due to this outage, patients faced a large number of mental health issues. Not only care notes but also Caresys, Crosscare and other categories of systems used by health care organisations were affected. All of this resulted from the advanced technologies used by the cyber criminals, which affected the overall environment of the organisation.

The health service has reported that at least 9 mental health trusts were affected by the outages, which reduced management's access to patient records. Various Advanced software is used in 36 acute or mental health trusts across England. Evaluating these factors, it can be seen that a total of 111 NHS systems were affected by the ransomware attack (BBC News, 2022). The cyber attack also affected systems used for different aspects of patient care, including out-of-hours appointment booking, ambulance dispatch, out-of-hours care and triage-related alerts. It also targeted the financial system of the organisation, which created a large number of issues for the NHS.

Losses Faced by the Organisation

Because of the wide use of Advanced's technologies, the 111 telephone line of the NHS was identified as affected. The attack on Adastra, which is used by up to 85% of NHS 111 services, affected the operation of the organisation. Beyond the helpline, it has been identified that the cyber attack also affected a total of 80 hospital trusts and 595 GP practices all over England, which created a large number of issues for the organisation (The Guardian, 2022). Critical devices and equipment were also affected, which disrupted different types of operations. Among the major clinical and medical technologies, blood test analytics and MRI scanners were also affected, creating further issues for the organisation.

Details of Vulnerabilities Exposed by the Attack

Organisations face different vulnerabilities, and those affecting the NHS environment created a large number of issues. The healthcare software provider Advanced confirmed that different types of client data were extracted and accessed by the hackers during the cyber security incident in August 2022 (Digital Health, 2023). The variant of malware used by the perpetrators was LockBit 3.0, and the attack left some trusts without proper access to key software systems for 2 months.

Process of Manifesting the Attack

Ransomware is one of the advanced cyber attacks, and it affected the operation of the organisation considerably. From the information available on the attack on the NHS, it has been identified that the cyber criminals followed a defined process for carrying out the ransomware attack. One of the major ransomware delivery processes is the use of phishing emails or malicious links. Similarly, in this case the cybercriminals sent a phishing email into the systems of the organisation. When a technical manager opened the mail, the system was compromised by the attackers (The Guardian, 2022). At that point, the attackers had full access to the different types of organisational data held for the NHS. Following this process, the organisation was affected by the ransomware.

Tools used by the Attackers

Evaluating the information on the organisation, it has been identified that the cybercriminals used advanced technology which affected the server systems of the NHS. The NHS is one of the biggest healthcare providers in the UK, with systems operated by the technology firm Advanced to maintain different activities and to store patient data in the healthcare sector. To attack the server systems of the NHS, the cybercriminals used LockBit 3.0, a major variant of ransomware that helps cyber attackers target organisations and businesses (Digital Health, 2023). It is an evolution of previous versions of the LockBit ransomware family. Like other ransomware strains, it was spread by the cyber criminals through phishing emails sent to the Advanced group.

Prevention Technique

By evaluating different preventive techniques, the organisation can mitigate the cyber security issues arising from the ransomware attack. Updating software helps the organisation stay up to date with the latest security patches, so that it is not easily exploited by ransomware. As depicted by Conti et al. (2018), properly installed firewalls or security solutions that are kept up to date can also help detect and block different types of ransomware threats. Enabling automatic backups and educating employees also help the organisation prevent cyber security issues in its environment and reduce the chances of ransomware attacks.

Conclusion

Evaluating the activities and cyber attacks carried out on the NHS during August 2022, it is seen that they created a large number of issues by extracting patient data and blocking system operation and data access for NHS employees. Among the major issues, the cybercriminals used LockBit 3.0 to prevent access by the employees and management body of the NHS. Prevention techniques including a secured system, updating software and educating employees can help mitigate these issues in the future.

Task 2.1

Alternative standards to ISO 27001 (e.g. Cyber Essentials Plus, NIST, COBIT)

ISO 27001 is one of the major international standards for information security management systems, providing a framework for implementing and maintaining the security of an organisation's information. It is a widely recognised and respected standard which helps organisations get better support. The alternative standards that organisations use instead of ISO 27001 are described below.

Cyber Essentials Plus

Cyber Essentials Plus is a major UK Government-backed scheme which supports organisations in gaining a clear idea of the baseline of security controls. As depicted by Lloyd (2020), this type of cyber security standard also helps organisations secure a strong place in a competitive environment. It is an extension of the Cyber Essentials scheme which includes independent certification and testing of the organisation's cyber security measures. Cyber Essentials Plus can provide substantial support to business organisations in securing themselves against different types of cyber attacks.

NIST cyber security framework

NIST stands for the National Institute of Standards and Technology, a well-known institution. As depicted by Gordon et al. (2020), this institute developed a cybersecurity framework which provides a voluntary approach to improving the cyber security of an organisation. The guidelines, standards and best practices in this framework can be customised, which helps organisations use advanced technology to meet their specific requirements. Proper use of this framework can help the organisation mitigate cyber security issues and offer better support to the management body.

COBIT

Control Objectives for Information and Related Technologies (COBIT) is well known as one of the major frameworks for management and IT governance, providing substantial support and control to the organisation (Fernandes et al. 2020). The best practices in this framework can help gather good ideas about information security. The framework also includes a maturity model that allows organisations to assess their current state and progress in order to improve their information security practices.

Therefore, it can be seen that these alternative standards can help identify different types of cyber attack issues in the organisation's environment. Organisations in the UK can adopt these systems to manage their productivity effectively by preventing attacks.

Wider benefits of ISO27001 to the organisation

Proper application of ISO 27001 provides different types of benefits to the organisation's security management system through compliance with legislative requirements. The major benefits of this standard are described below.

  1. ISO 27001 helps the organisation conduct a risk assessment matrix that identifies different types of information security risk and supports the implementation of proper controls to mitigate those risks across its activities.
  2. This standard also helps the organisation understand its overall risk profile and develop different risk strategies (Stoica and Candoi-Savu, 2020).
  3. Implementing the ISO 27001 standard demonstrates the organisation's commitment to information security, which can enhance customers' trust and confidence.
  4. Implementing this standard also helps management streamline the information security process by reducing risks and different types of security incidents.
  5. ISO 27001 also provides a framework for the organisation to meet various regulatory requirements for information security. Implementing these systems helps the organisation demonstrate compliance with regulations and industry standards, which can help avoid legal action, fines and reputational damage (Shohoud, 2023).
  6. Gaining a competitive advantage is also one of the primary benefits for the organisation. Certification helps demonstrate that an organisation implements information security best practices and is committed to protecting sensitive data.

Evaluating all the benefits, it can be seen that ISO 27001 is one of the major information security standards that helps maintain different types of operations and prevent cyber security issues in the environment.

Task 2.2

Main clauses that need to be implemented under ISO 27001

Being a part of the NHS group, I needed to provide a clear idea of various information about the ISMS. When implementing ISO 27001, organisations need to maintain different processes to meet all the requirements and improve overall information security. The framework also provides support during the establishment, implementation, maintenance and continuous improvement of the organisation's functionality. The major clauses of the model are described below.

  1. Scope is one of the primary clauses of the ISMS standard and sets the boundaries of the assets and systems that will be protected.
  2. Leadership is also one of the primary clauses. It requires management to demonstrate its commitment to the ISMS and to provide the resources and leadership needed to support the implementation process (Aedah and Hoga, 2020).
  3. Planning is also one of the primary clauses. It assists organisations in developing a proper risk management strategy and setting information security objectives, and it is effective for planning how those objectives will be achieved.
  4. The support clause requires organisations to provide the training, resources and awareness necessary to support the implementation of the standard across the organisation (Alexei, 2021).
  5. The operation clause covers the implementation of the ISMS, including the implementation and development of procedures and policies.
  6. Performance evaluation and improvement are also primary clauses. They help the organisation monitor and measure performance and find the major loopholes, so that it can continuously improve by taking preventive and corrective actions.

Security control objectives applicable to the chosen company

Depending on the security control objectives of ISO 27001, organisations need to manage different types of activities and provide substantial support to prevent issues in their environment.

  1. Access control can be effective for implementing control measures so that only authorised personnel have access to information systems, data and physical assets (Lopes et al. 2019).
  2. For physical security, the organisation should implement security measures to protect its physical assets, including data centres, buildings and other facilities, which can include access control, surveillance and environmental controls.
  3. Security incident management can help the NHS group establish proper procedures for handling incidents in an effective and timely manner.
  4. The NHS also needs to develop and implement proper business continuity management, which helps ensure that all critical business functions continue in the event of a disruption.
  5. Proper development of network security and supplier or third-party management can help establish overall control over security and suppliers (Fathurohman and Witjaksono, 2020).
  6. Management also needs to hire trainers to initiate and deliver the security awareness programme for contractors, employees and other authorised users who access different types of information and data.

Auditing and certification process of ISO 27001

The certification and auditing process of ISO 27001 includes the steps described below.

Gap analysis is the first step of the certification process, in which an organisation analyses its current information security management system against the requirements of ISO 27001. As depicted by Simbolon and Hardiyanti (2019), it can be effective for identifying loopholes in the system and for determining the scope of the certification process. Organisations can also implement controls to address the gaps identified, which helps them comply with ISO 27001.

The second stage is the risk assessment, which helps the organisation identify and evaluate different types of risk to its information security. This helps determine which controls need to be implemented to mitigate the risks across the organisation. The internal audit and the certification audit are the major stages for the organisation. As opined by Antunes et al. (2022), internal and external audits are conducted to assess the effectiveness of information security management. The certification audit is conducted by a third-party auditor, who evaluates the security management system against the requirements of ISO 27001. The auditors are given access to the procedures, policies and controls, and interview employees to understand the systems. The last stages of the certification and auditing process are certification and surveillance audits. After passing the certification audits, the organisation is awarded ISO 27001 certification. To maintain the certification, the organisation needs to undergo regular surveillance audits to ensure that its information security management continues to meet the requirements of ISO 27001.

Task 3.1: Implementation of data protection and design for the NHS

Proper implementation of data protection by design in the context of the National Health Service involves several key considerations for safeguarding patient information and ensuring compliance with the relevant regulations. Some major steps of this implementation process are described below.

Assessing the current data protection landscape helps the organisation conduct a comprehensive assessment of the existing data protection practices, policies and infrastructure of the NHS to identify vulnerabilities, gaps and areas to be improved. Along with that, as depicted by Truong et al. (2019), understanding the regulatory and legal requirements helps the organisation familiarise itself with the relevant regulations and laws, such as GDPR and the Data Protection Act 2018. After the legal requirements have been identified, creating data protection policies and a data protection strategy, with defined goals and objectives for data collection, access, sharing and storage, gives management better support and better results in outlining the organisation's overall approach.

Implementing robust data governance for data protection across the organisation can help outline the responsibilities and rules, along with accountability for data collection (Ahmed, 2021). Monitoring and reviewing all the data protection processes and controls helps ensure the effectiveness and compliance of the activities. In addition, training and educating staff also helps maintain security. These are the major steps used to implement data protection by design and default for the chosen company.

Task 3.2: Usability of Various Mechanisms for the Implementation Phase

During the implementation phase of data protection, various mechanisms play a crucial role in ensuring the effectiveness and usability of the overall data protection framework. The major mechanisms for the implementation phase are described below.

Data discovery

Data discovery is the process of locating and identifying the different types of sensitive data within the systems and infrastructure of the NHS. As depicted by (2021), these mechanisms also help the organisation understand the scale and scope of its data sets, which enables it to protect and manage different types of data effectively by implementing robust data discovery tools and techniques. Data discovery also gives the organisation proper visibility into where sensitive data resides, and supports the implementation of appropriate security controls and access restrictions in a particular environment.

Data classification

Data classification is one of the major processes and categorises different types of data based on value, sensitivity and regulatory requirements. As opined by Chen et al. (2020), by applying a data classification mechanism, the organisation can assign tags and labels to its data sets, including the level of protection required. The sensitivity defined by the classification then determines the security measures and access controls to implement. It can also increase usability by providing proper guidance on how data should be stored, shared and handled.

Data processing impact assessment

A data processing impact assessment (DPIA) is a major framework for evaluating the potential risks, and their impacts, associated with the processing of personal data. As analysed by Ramesh et al. (2022), this mechanism also helps in mitigating privacy risks and identifying security risks before any changes are implemented in a new project or an existing process. By conducting a DPIA, organisations can address privacy concerns and ensure compliance with data regulation by enhancing the accountability and transparency of the effects that data processing activities have on individuals' privacy rights.

Data loss prevention

Data loss prevention (DLP) is designed to prevent unauthorised use, access or disclosure of sensitive data. As depicted by Shankar et al. (2021), it is also designed for mitigation, and involves implementing a combination of technical controls, procedures and policies to detect, monitor and prevent data breaches and data loss incidents. Applying DLP can provide an additional layer of security without significantly affecting legitimate data use and handling productivity.

Privacy-enhancing technologies

Privacy-enhancing technologies (PETs) are techniques and tools which help protect the privacy of individuals while still enabling the effective use of data. They include anonymisation, secure sharing processes and pseudonymisation, which are supported by cryptographic techniques. As illustrated by Hao et al. (2019), this type of technology can help organisations enhance privacy protection while still being able to perform research, data analysis and information sharing. PETs can also help achieve a balance between privacy and utility by preserving privacy without sacrificing necessary data usability.
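The data discovery, data classification and pseudonymisation mechanisms described above can be shown in one small pipeline. This is an added example, not part of the original report or any NHS tooling: it finds NHS numbers in free text using the Modulus 11 check digit, labels each record, and replaces valid numbers with keyed HMAC-SHA256 tokens. The records, label names, token format and key are constructed for illustration.

```python
"""Added example: discover, classify and pseudonymise NHS numbers in free text."""
import hashlib
import hmac
import re

# Ten digits, optionally grouped 3-3-4 with spaces or hyphens,
# and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(\d{3})[ -]?(\d{3})[ -]?(\d{4})(?!\d)")

# Hypothetical labels for this example, not an NHS classification scheme.
LABEL_PATIENT = "CONFIDENTIAL-PATIENT"
LABEL_INTERNAL = "INTERNAL"

# Constructed demo key. In practice the key is the "additional information"
# that must be stored separately from the pseudonymised data.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample records; the numbers are published test values.
RECORDS = [
    {"id": "note-1",
     "text": "Pt NHS no 943 476 5919 referred out of hours; callback ref 1234567890."},
    {"id": "note-2",
     "text": "Ambulance dispatch rota updated for weekend cover."},
    {"id": "note-3",
     "text": "Care note for 9434765919, also seen under 401-023-2137."},
]


def nhs_number_is_valid(digits: str) -> bool:
    """Modulus 11 check: weights 10..2 on the first nine digits."""
    if len(digits) != 10 or not digits.isdigit():
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    # A computed check digit of 10 means the number can never be valid.
    return check != 10 and check == int(digits[9])


def discover(text: str) -> list:
    """Data discovery: return the distinct valid NHS numbers found in text."""
    found = []
    for match in CANDIDATE.finditer(text):
        digits = "".join(match.groups())
        if nhs_number_is_valid(digits) and digits not in found:
            found.append(digits)
    return found


def classify(text: str) -> str:
    """Data classification: label a record by what discovery found in it."""
    return LABEL_PATIENT if discover(text) else LABEL_INTERNAL


def token_for(digits: str, key: bytes) -> str:
    """Keyed, deterministic pseudonym: same number and key give the same token."""
    mac = hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()
    return "PSN-" + mac[:16]


def pseudonymise(text: str, key: bytes) -> str:
    """Replace valid NHS numbers with tokens; leave other digit runs alone."""
    def swap(match):
        digits = "".join(match.groups())
        if nhs_number_is_valid(digits):
            return token_for(digits, key)
        return match.group(0)
    return CANDIDATE.sub(swap, text)


def process(records: list, key: bytes) -> list:
    """Run discovery, classification and pseudonymisation over each record."""
    return [
        {
            "id": rec["id"],
            "label": classify(rec["text"]),
            "identifiers_found": len(discover(rec["text"])),
            "text": pseudonymise(rec["text"], key),
        }
        for rec in records
    ]


if __name__ == "__main__":
    for row in process(RECORDS, DEMO_KEY):
        print(row)
```

Because the token is keyed and deterministic, note-1 and note-3 stay linkable for analysis, while the reference `1234567890` is left untouched because it fails the check digit.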

References

Task 2.1

Adams, H.S. 2022. Defending the NHS from cyber-attacks in 2022. Healthcare. Available at: https://healthcare-digital.com/hospitals/defending-the-nhs-from-cyber-attacks-in-2022 [Accessed on 10th May, 2023].

BBC News, 2022. NHS 111 software outage confirmed as cyber-attack. BBC. Available at: https://www.bbc.com/news/uk-wales-62442127 [Accessed on 10th May, 2023].

Conti, M., Gangwal, A. and Ruj, S., 2018. On the economic significance of ransomware campaigns: A Bitcoin transactions perspective. Computers & Security, 79, pp.162-189.

Digital Health, 2023. Client data exfiltrated in Advanced NHS cyber attack. Digital Health. Available at: https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#:~:text=Health%20and%20care%20software%20supplier,software%20systems%20for%20two%20months [Accessed on 10th May, 2023].

The Guardian, 2022. NHS ransomware attack: what happened and how bad is it?. NHS. Available at: https://www.theguardian.com/technology/2022/aug/11/nhs-ransomware-attack-what-happened-and-how-bad-is-it [Accessed on 10th May, 2023].

Task 2.2

Aedah, A.R. and Hoga, S., 2020. Maturity framework analysis ISO 27001: 2013 on indonesian higher education. International Journal of Engineering & Technology, 9(2), pp.429-436.

Alexei, L.A., 2021. Ensuring information security in public organizations in the Republic of Moldova through the ISO 27001 standard. Journal of Social Sciences, 1(4), pp.84-94.

Antunes, M., Maximiano, M. and Gomes, R., 2022. A Customizable Web Platform to Manage Standards Compliance of Information Security and Cybersecurity Auditing. Procedia Computer Science, 196, pp.36-43.

Fathurohman, A. and Witjaksono, R.W., 2020. Analysis and Design of Information Security Management System Based on ISO 27001: 2013 Using ANNEX Control (Case Study: District of Government of Bandung City). Bulletin of Computer Science and Electrical Engineering, 1(1), pp.1-11.

Fernandes, A.J., Hartono, H. and Aziza, C., 2020. Assessment IT governance of human resources information system using COBIT 5. International Journal of Open Information Technologies, 8(4), pp.59-63.

Gordon, L.A., Loeb, M.P. and Zhou, L., 2020. Integrating cost–benefit analysis into the NIST Cybersecurity Framework via the Gordon–Loeb Model. Journal of Cybersecurity, 6(1), p.tyaa005.

Lloyd, G., 2020. The business benefits of cyber security for SMEs. Computer Fraud & Security, 2020(2), pp.14-17.

Lopes, I.M., Guarda, T. and Oliveira, P., 2019. Implementation of ISO 27001 standards as GDPR compliance facilitator. Journal of Information Systems Engineering & Management, 4(2), pp.1-8.

Shohoud, M., 2023. Study the Effectiveness of ISO 27001 to Mitigate the Cyber Security Threats in the Egyptian Downstream Oil and Gas Industry. Journal of Information Security, 14(2), pp.152-180.

Simbolon, N. and Hardiyanti, D.Y., 2019, March. Security audit on loan debit network corporation system using cobit 5 and iso 27001: 2013. In Journal of Physics: Conference Series (Vol. 1196, No. 1, p. 012033). IOP Publishing.

Stoica, L.A. and Candoi-Savu, R.A., 2020. Math approach of implementing ISO 27001. In Proceedings of the International Conference on Business Excellence (Vol. 14, No. 1, pp. 521-530).

Task 3

Ahmed, G., 2021. Improving IoT Privacy, Data Protection and Security Concerns. International Journal of Technology, Innovation and Management (IJTIM), 1(1).

Chen, R.C., Dewi, C., Huang, S.W. and Caraka, R.E., 2020. Selecting critical features for data classification based on machine learning methods. Journal of Big Data, 7(1), p.52.

Hao, M., Li, H., Luo, X., Xu, G., Yang, H. and Liu, S., 2019. Efficient and privacy-enhanced federated learning for industrial artificial intelligence. IEEE Transactions on Industrial Informatics, 16(10), pp.6532-6542.

Medina-Smith, A., Becker, C.A., Plante, R.L., Bartolo, L.M., Dima, A., Warren, J.A. and Hanisch, R.J., 2021. A controlled vocabulary and metadata schema for materials science data discovery. Data Science Journal, 20(1).

Ramesh, M., Deepa, C., Kumar, L.R., Sanjay, M.R. and Siengchin, S., 2022. Life-cycle and environmental impact assessments on processing of plant fibres and its bio-composites: A critical review. Journal of Industrial Textiles, 51(4_suppl), pp.5518S-5542S.

Shankar, V., Kalyanam, K., Setia, P., Golmohammadi, A., Tirunillai, S., Douglass, T., Hennessey, J., Bull, J.S. and Waddoups, R., 2021. How technology is changing retail. Journal of Retailing, 97(1), pp.13-27.

Truong, N.B., Sun, K., Lee, G.M. and Guo, Y., 2019. Gdpr-compliant personal data management: A blockchain-based solution. IEEE Transactions on Information Forensics and Security, 15, pp.1746-1761.
