Cyber Virus brings down your NHS (and how to avoid that in community pharmacy)

21 Jul 2017

Are you doing enough to safeguard your cyber security?

You can’t fail to have noticed the May 12 WannaCry cyber-attack. It wasn’t pretty.  The IT systems of 17 NHS Trusts and a number of GP surgeries were affected. The health service relies heavily on IT, and without IT it’s only limping along.

BBC News stressed the NHS aspect, but many other organisations around the world were infected. The virus didn’t target the NHS. The virus was indiscriminate, not that that helped the NHS. Operations were delayed. Departments were closed. Patients were adversely affected.

So what happened? Did you see Horizon on the BBC? Dr Kevin Fong explained it well.

It appears that the NSA developed a virus called a worm that is not only able to infect a computer, but then goes on to infect other computers on the local network. Microsoft became aware of the worm and wrote a Windows update that protected computers from this virus. However, not every user applied the update so many computers remained vulnerable.

Hackers combined that virus with another crypto-virus, that when it infects a computer, encrypts files on the computer and demands a ransom to unencrypt them. The result was the WannaCry virus.  For those that felt the least bad option was to pay up, the bad news was that WannaCry wasn’t even an ‘honest virus’; a number of people paid and still didn’t get their data back!

Community pharmacies don’t appear to have been infected by the WannaCry virus. Did that help the NHS? Well, it meant that medicines could be dispensed and labelled, if the prescriptions could be received.  Around 55% of prescriptions are sent electronically from GPs to community pharmacy, with almost all the rest being printed from the GP computer system, and a handful being handwritten.  In some cases GP systems were down due to either the virus, or from people trying to avoid the virus by turning off their computers. This caused real disruption.

How to keep PCs safe in your community pharmacy

Consider your assets and business processes you need to protect. e.g. your patient medicine record (PMR) system, dispensing, stock ordering, taking payments.

Think about the risks to them – e.g. loss of data (bad), or data theft (a disaster – think of having to inform patients).

Then consider how to manage those risks, detect virus/attacks, and also how to clean-up/restore normal service if affected.

So how to manage those risks

To counter virus like WannaCry (and already there are variants out there):

Use a supported operating system on the NHS Digital warrantied environment specification. Update Windows and programs, and have up to date anti-virus protection. It is important to know who manages these. For larger pharmacy chains, it’s probably your IT department. For independent pharmacies your dispensing system supplier may manage some or all of these but you really need to check. This may be what saved community pharmacy from being infected.

Be careful not to deploy a second anti-virus product onto the same PC. They may not get-along!

Also ensure your network firewall is correctly configured.  This is normally provided and configured by system suppliers as part of your secure N3 connection.

While we’re talking about security, here are some other general security measures to consider:

Physical protection /access control to stop PCs being removed

Protecting data on PCs by disk encryption

Each user needs their own PC logon (a non-admin one)

Train users to be security savvy; to be cautious of email links and attachments. Consider adding email filtering. Don’t allow personal email on work PCs.

Setup an internet browser whitelist to reduce risk

Do backups, ensuring that they are offsite, in England, and inaccessible to any virus on your pc!

Consider adding PC endpoint protection to secure those USB ports etc

Do you have other network devices on the network that might pose a risk? Eg networked TV, vending machine, check-in kiosk, photo printing PC, EPOS till, or personal phones/tablets on Wi-fi.

Follow 10 steps to cyber security, sign up for security bulletins from CareCERT, and for larger organisations consider hiring a security consultant.


Sweating your PC/PMR assets for more than a few years might seem like the cheap option but it might cost you in the long run.

What should you do?

If you want to keep serving patients, prepare now. There will be another virus along real soon.

On Tuesday, 27 June 2017, the virus dubbed GoldenEye was detected. The initial source of infection may have been Ukrainian tax system software, but it has now spread around the world.

It looks like WannaCry in that it encrypts files then demands a ransom (but don’t pay as you’re extremely unlikely to get your files back).

Based on early descriptions from Kaspersky Labs and The Register: The infection can start by email with a malware attachment that may use a faked Microsoft digital signature. If a domain administrator is duped into running the malware, all computers on the network are infected. It can also spread to non-updated computers (using EternalBlue and EternalRomance exploits).

So remember- keep your IT up to date, and in so doing, keep the lights on for your patients. Time also to revisit the NHS IG toolkit and check you’ve got it all covered.


Author: John Palmer is Pharmacy IT Lead at the National Pharmacy Association (NPA) @johnlspalmer