NHS Trust Suspends Operations After Major Cyber Incident


An NHS Foundation Trust has taken the unprecedented step of suspending all operations after revealing it suffered a major cyber-attack over the weekend.

Northern Lincolnshire and Goole Trust runs hospitals in Scunthorpe, Grimsby and Goole.

It claimed in a statement on its homepage that although antenatal clinics and chemotherapy would still go ahead, most other appointments on Monday and Tuesday had been cancelled.

It explained:

“A virus infected our electronic systems on Sunday October 30 and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it.

Our main priority is patient safety. A major incident has been called and all planned operations, outpatient appointments and diagnostic procedures have been cancelled for today (Monday) and tomorrow (Tuesday). All patients should presume their appointment/procedure has been cancelled unless they are contacted. Those who turn up will be turned away.”

The incident is so serious that the Trust is transferring “major trauma cases” and “high risk women in labour” to other hospitals nearby.

Although it’s unclear exactly what kind of malware has caused such widespread disruption across the Trust’s network, ransomware would seem to be the best bet.

Ransomware has already targeted hospitals in Germany, the UK and the US, with cyber-criminals keen to exploit the fact that such organizations may not have adequate cybersecurity in place and may be more prepared to pay up in order to restore mission-critical systems.

In one of the first cases of its kind to hit the headlines earlier this year, for example, the Hollywood Presbyterian Medical Center revealed that it paid a $17,000 ransom to regain access to its data.

Nearly half (47%) of the 60 Trusts that replied to an NCC Group FoI request back in August claimed to have suffered a ransomware attack over the past year.

Ed Macnair, CEO of CensorNet, argued the problem for IT teams today is the sheer number of attack vectors they have to guard against.

“While there’s every chance this particular attack targeted the trust maliciously, it’s just as possible that the virus came from someone clicking the wrong link or visiting the wrong website,” he added.

“Simply, anything remotely suspicious needs to be blocked. Sadly, there are always going to be threats that slip through the cracks, but if organizations increase visibility into and control over their systems then most can at least be stopped before causing too much damage.” 
