Monday 15 May 2017
Indications, following extensive checks over the weekend, are that the States of Guernsey was unaffected by the ransomware that disrupted organisations around the globe last week. Further checks and actions are ongoing.
The ransomware, which locked users' files and demanded payment to allow access, spread to 150 countries, including Russia, the US and China.
In England, 47 NHS trusts reported problems at hospitals, GP surgeries or pharmacies and 13 NHS organisations in Scotland were also affected.
Locally, neither the Princess Elizabeth Hospital nor the Medical Specialist Group was affected, with both wanting to reassure patients that operations and appointments are unaffected. UK hospitals that routinely treat Bailiwick patients were also unaffected.
The vast majority of States of Guernsey machines operate Windows 7 or higher, so were supported by Microsoft patches. About 100 of the States of Guernsey's 4,000 PCs used earlier operating systems; there has been an extensive program of updating devices over the last year. Any machines running older operating systems have either been isolated or patched to protect against this attack.
Deputy Mary Lowe, President of the Committee for Home Affairs, which leads on cyber security, said:
'This global attack really highlights the need for our whole community to remain vigilant to the very real threat cyber-attacks pose. It is to be welcomed that at this stage the island seems to have been unaffected by this ransomware, but we must not be complacent.
My Committee is working with colleagues from the UK National Cyber Security Centre to enhance our information sharing and cyber capability and as a result we had very early indication of the attack through the Cyber Information Sharing Partnership. We will continue to develop appropriate and proportionate cyber security and this will be a key area of the Committee's work aligned with the Policy and Resource Plan.
Across the States our IT infrastructure has come a long way in recent years and we must continue to invest where needed. I would urge all Bailiwick businesses and residents to take the necessary steps to protect against such attacks, and never click on a link or attachment from an unknown source.'
All organisations are advised to
- Keep security software patches up to date
- Use proper anti-virus software services
- Back up the data that matters, because you can't be held to ransom for data you hold somewhere else
Colin Vaudin, States of Guernsey Chief Information Officer, said that, in addition to the range of preventative measures the States uses, a number of further steps had been taken since the attacks occurred, including emailing all government staff reminding them of the need to remain vigilant, checking the network, ensuring all systems are patched and contacting partner organisations.
'We have a range of preventive measures to reduce the risk of a successful attack and we have been enhancing our security measures over the last year or so. I would also like to take this opportunity to thank the IT staff who worked all weekend to ensure our response was robust. Thankfully it does not appear, at this stage, that any of our systems have been affected. I would like to reassure Islanders that while we aim to prevent any attack we also have processes in place to recover from such an event, if it was necessary to do so, so all States of Guernsey data is backed up on a regular basis and held in a separate location just in case.
While the systems we have in place are strong, we are not complacent and will not become so. This is a risk area that is ever-evolving and we must continuing working to identify any vulnerabilities in our systems and proactively address them.'