Given the following sub-headline in The Independent’s reporting of the NHS site defacements yesterday morning, and the description of it as an ‘unprecedented attack’ the public would probably be wondering how bad the threat is to their medical information:
‘One analyst, says the hacks ‘appear to be deliberately targeted at a British public institution and in particular at an institution dealing with something which affects every member of the public, their health’
Calling themselves the ‘Tunisian Fallaga Team’, these people did a few other sites back in 2015, some of them for leisure centres in Ireland and suchlike that are often considered easy targets. The sites would have displayed something like this:
There’s actually nothing unprecedented about this, and how exactly did The Independent make the conection between the Tunisian Fallaga Team and ISIS, when it was essentially an anti-war message? So, the article opens with classic scaremongering.
Since The Independent doesn’t reveal which sites were defaced (were they even on the .nhs domain?), they could well have been sites only incidentally related to the NHS, such is the level of privatisation in England – that nobody drew attention to the incidents for about three weeks, until yesterday, is telling.
But what about the impact? Well, there isn’t much, apart from some embarrassment. Almost all the NHS public-facing sites are completely segregated from the systems that store and process patient records, and there are multiple layers of protection for the latter. In short, the data is only accessible from within the network, and using clinical applications that are authenticated. The threats I’m far more worried about are a) insiders, and b) private firms who are given access to the data.