The recent unprecedented cyber attacks via the WannaCrypt ransomware have no doubt affected at least some EHS users in some way. It’s possible that local IT services may have shut down networks or servers as a precautionary measure.
If you’re encountering difficulties accessing any of your clinical systems from EHS, please contact us via our helpdesk and we will be able to advise further. In most cases we will ask you to contact your local IT services to help resolve the situation.
Ransomware encrypts any files it can gain access to. The files it can reach are limited by the logged-in user's file access permissions. In the case of standard-level users, this means the ransomware has no direct access to the clinical data, which is usually stored on a separate SQL Server machine.
At the time of writing, we have no known vulnerabilities in our software products that would directly enable a cyber attack. Clinical systems in general can be the target of a brute force attack. EHS systems help mitigate this by disabling the login screen after 6 failed login attempts. Due to the multi-tier nature of our systems, should a brute force attack actually succeed, this would still not allow the attacker any direct access to the SQL Server database, so ransomware has nothing to target. Also, the client-server communications do not use SQL (it is not even recognised), so attacks such as SQL injection would not compromise our products.
Measures to reduce risks involved with this type of attack:
- Do not open attachments or links sent via email without verifying the authenticity of the sender or the origin of the email. This is especially true when the sender is known to you but the content of the email differs from their usual content.
- Ensure all operating system & application patches are up to date, including anti-virus software databases.
- Make sure your backups are recent but, more importantly, that they’re stored offline. In other words, disconnect any backup media from your network & systems to prevent ransomware (& other virus types) gaining access.
Clinical data used by our products is typically stored on the trust's central SQL Server installations, or on individual SQL Servers. Whilst this data, along with all data of this type, is at risk from ransomware (or other malicious code), there is no known exploit within SQL Server itself. Regular full backups, stored offline, mitigate any risk from ransomware. SQL Server is, like any other system, a target for a brute force attack. Such an attack would have warning signs such as a very high number of failed logins over a short period of time, specifically for the sa login.
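One way to watch for the warning sign described above, as an added example rather than EHS or Microsoft code: the Python sketch below scans SQL Server error log lines for failed logins and reports any login that reaches a threshold within a sliding time window. It assumes failed-login auditing is enabled and that the log uses the usual "Login failed for user" message text; the threshold of 20 failures per 60 seconds, the function name and all sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the usual SQL Server error log text for a failed login.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '([^']*)'.*?\[CLIENT: ([^\]]+)\]"
)

def failed_login_bursts(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {login: (peak failures in any window, client addresses)}
    for every login that reaches `threshold` failures inside `window`.
    Threshold and window are assumed values; tune them to your site."""
    recent = defaultdict(deque)   # login -> (timestamp, client) still in window
    peaks = {}
    for line in lines:            # lines are expected in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-login entry
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        login = m.group(2).lower()
        q = recent[login]
        q.append((ts, m.group(3)))
        while ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > peaks.get(login, (0,))[0]:
            peaks[login] = (len(q), sorted({c for _, c in q}))
    return peaks

def _line(ts, login, client):
    """Build one constructed log line (sample data, not a real log)."""
    return (f"{ts:%Y-%m-%d %H:%M:%S}.00 Logon       Login failed for user "
            f"'{login}'. Reason: Password did not match that for the login "
            f"provided. [CLIENT: {client}]")

# Constructed sample: 30 rapid 'sa' failures, 2 slow ones for another login.
T0 = datetime(2017, 5, 15, 2, 14, 0)
SAMPLE = sorted(
    [_line(T0 + timedelta(seconds=i), "sa", "10.0.0.99") for i in range(30)]
    + [_line(T0 + timedelta(minutes=10 * i), "reports", "10.0.0.12")
       for i in range(2)]
    + ["2017-05-15 02:40:00.00 spid52      Starting up database 'clinic'."]
)

if __name__ == "__main__":
    for login, (count, clients) in failed_login_bursts(SAMPLE).items():
        print(f"ALERT: {count} failed logins for '{login}' within 60s "
              f"from {', '.join(clients)}")
```

The occasional mistyped password for the second login stays below the threshold and is not reported; only the rapid burst against sa is.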
We recommend the following for your SQL Server instances:
- Strong service account passwords (or use of managed service accounts or group MSAs from SQL Server 2016 upwards).
- Use of encrypted password managers, such as KeePass, to store any passwords.
- Regular full backups that are stored offline (i.e. tapes or other removable media).
- Password protect backups (will not help against ransomware directly but is good practice).