A Dundee hacking expert has warned public bodies with limited IT funds remain susceptible to cyber-attacks similar to the one which crippled the NHS last week.
Ten Dundee medical centres were hit by Friday’s worldwide cyber-attack, causing severe disruption to patient services.
Surgeries including Hawkhill Medical Centre were struck by the Wannacry decryptor ransomware worm, which prevented doctors and medical staff from being able to use their computers.
IT technicians spent hours over the weekend trying to stem the problem and the ten affected medical practices were open as usual on Monday morning.
Colin McLean, a lecturer in ethical hacking at Abertay University, said local councils and the NHS remain “stuck between a rock and a hard place” when trying to defend themselves against online attacks, due to the constant need to upgrade computer systems.
He said: “The Wannacry worm is a very uncommon type of virus. The last time I heard about a remote exploit which could break into a computer was 2008.
“Updating operating systems will stop this exploit in the short term. It is very difficult for the NHS and public bodies in the long term because of the old technology used by these bodies, and if you update the operating systems on some of these machines, they won’t work.
“These organisations are stuck between a rock and a hard place on whether they want to update a £5 million MRI scanner or run the risk of the worm hitting. There is a very difficult situation when you are using old technology.
“These systems will always remain susceptible to attack if you don’t update operating systems or isolate the worm. Some of the systems used by local councils are exactly the same, where they are running critical pieces of software that won’t run on modern operating systems.
“The alternative is to pay someone to design an application or patch, which two years from now may or may not be out of date. It is an incredibly complex problem for public bodies who have limited funds.”
A spokesperson for NHS Tayside said: “All 10 GP practices affected by the UK-wide cyber attack are now operating as normal with no disruption to appointments and services. Patients should continue to attend and contact their GP Practice in the usual way.
“No NHS Tayside systems or hospital sites were affected by the cyber attack and there was no impact on NHS Tayside’s Emergency Departments, outpatient clinics or Out-of-Hours Service. Again, any patient with a hospital appointment should attend as normal.
“NHS Tayside takes IT security and data protection very seriously and we continually monitor and review our level of protection and invest in our IT security defences. Our security protection methods have prevented significant impact of this attack within our organisation.”
