This months’ cybersecurity for health IT round-up includes British computer expert Marcus Hutchins being released on bail, Lancashire Teaching trust’s cyber awareness campaign and global engineering and technology services company Siemens identifying vulnerabilities in its medical devices.

WannaCry hero Marcus Hutchins released on bail

The young British computer expert and cyber-security researcher who stopped the WannaCry global cyber attack spreading was released on bail on Monday.

He is now on his way to Milwaukee to face charges of selling malware online. According to the BBC, the 23-year-old was at a hacking conference in Las Vegas when he was arrested by the FBI. He faced six counts of helping to create, spread and maintain the banking Trojan Kronos between 2014 and 2015. The FBI has accused Hutchins of writing, updating and selling the Kronos banking trojan between 2014 and 2015 where he and an unnamed associate made (a sum of) money selling the malware-as-a-service on dark web markets.

He is scheduled for his next court appearance on Monday, August 14, and is under onerous bail conditions – no internet access and being forced to wear a GPS tag and surrender his passport. Hutchins denies any wrongdoing. He faces a possible 40 years in prison if found guilty.

Lancashire Teaching trust hosts successful cyber awareness campaign

Lancashire Teaching Hospitals NHS Foundation Trust recently conducted a cyber survey, as part of its Cyber Awareness campaign, which was circulated to staff across the trust.

The trust’s recent board paper’s stated “a great response was received which will enable the Information Governance Team to assess the risk score and prioritise areas for further user engagement.”

During the trust’s cyber campaign, a drop-in advice clinic was held providing an opportunity for staff to meet the governance team and discuss any cyber concerns or general information governance queries. “Following the recent global cyber-attack the events held during Cyber Awareness Week allowed the trust to reinforce the importance of cyber security to ensure our IT systems as are secure as they can be”, the board paper stated.

Siemens identifies four vulnerabilities in its medical devices

The Department of Homeland Security (DHS) issued an advisory last Friday (4 August) after Siemens identified four vulnerabilities in its Molecular Imaging products running on Windows 7.

The German-based company prepared updates for the affected products, which are used in medical imaging, according to the advisory – they advise organisations to take precautions such as protecting network access to the Molecular Imaging products with appropriate mechanisms. The company also recommends that users have appropriate backups and system restoration procedures.

In the DHS report it stated that if successful the vulnerabilities could allow the attacker to remotely execute arbitrary code by sending crafted HTTP requests to the Microsoft web server of affected devices. Exploits that target these vulnerabilities are known to be publicly available. The affected products, Select Molecular Imaging products, are used in medical imaging. According to Siemens, Molecular Imaging products are deployed across the Healthcare and Public Health sector.

NHS trusts in Suffolk to use emergency WhatsApp groups for possible cyber attacks

Social media messenger WhatsApp is set to be used by doctors and CCGs in Suffolk in the event of a future cyber-attack, as part of a raft of measures revealed by health bosses.

While no virus was found on any system in Suffolk during the attack, Ipswich and East Suffolk Clinical Commissioning Group (CCG) has implemented an action plan to ensure Suffolk’s systems stay safe. A catalogue of measures have been planned including social media messenger WhatsApp groups for CCGs and doctors to be used in a cyber attack emergency, manual packs on hand when a virus strikes and secure alternative email addresses being established.

Last month central Suffolk and North Ipswich MP  Dan Poulter called for more investment in cyber security to protect patients and their confidential data.