Ransomware attack blamed on misconfigured firewall

  • 1 February 2017
Ransomware attack blamed on misconfigured firewall

The ransomware attack that shut down a northern trust for four days has been blamed on a misconfigured firewall, according to a cyber-security review.

IT systems at Northern Lincolnshire and Goole NHS Foundation Trust were hit with a ransomware virus, known as Globe2, on 30 October, 2016.

To prevent the virus spreading, the trust shut most of its clinical systems for four days, resulting in 2,800 patient appointment cancellations, The attack has also sparked an ongoing police investigation.

The trust's January board papers reveal it hired a cyber-security company NCC to conduct a review of the ransomware attack.

In a summary of the findings, which the trust has refused to release in full, the trust said NCC found “no evidence that any data has been viewed, stolen or removed” as result of the ransomware attack.

Instead, the review found “the biggest issue which caused this [the ransomware attack] was a misconfiguration of the firewall”.

The trust was aware of the firewall fault before the ransomware attack, the report found. However, the attack occurred “before the necessary work on weakest parts of the system had been completed”.

A trust spokeswoman refused to comment further on the report, citing the ongoing police investigation.

The NCC report gave a list of recommendations, a fill list of which the trust also refused to release.

However, the board papers said all recommendations had been accepted with the exception of placing black boxes at its two hospitals “for monitoring”. That recommendation was deemed too expensive.

Other recommendations that were disclosed included penetration testing and gauging staff's cyber-security awareness by sending test emails requesting their passwords.

Many trusts have been re-evaluating the cyber security arrangements in the wake of the Northern Lincolnshire and Goole attack, including Sheffield Teaching Hospitals NHS Foundation Trust which overhauled its IT strategy to reflect cyber threats.

Trusts that have recently reviewed their cyber security include; Norfolk and Norwich University Hospitals, North Tees and Hartlepool, and Cheshire and Wirral NHS foundation trusts, among others.

The moves comes against a backdrop of a rising cyber-security threat for the NHS, with concerns that many trusts still rely on legacy IT systems, such as Windows XP, that are vulnerable to attack.

Digital Health Intelligence maintains a database of the administrative and clinical systems in use at trusts, and uses this to calculate a clinical digital maturity index score for them. Northern Lincolnshire and Goole NHS Foundation Trust (log-in required) has a score of 87 and is ranked 19 (out of 153 acute trusts).
 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups for people with blood disorders have raised concerns about NHS England plans to combine clinical registries in a single platform.
Harnessing AI and cybersecurity to transform healthcare in the UK

Harnessing AI and cybersecurity to transform healthcare in the UK

The UK healthcare sector is in a transformative era, driven by advancements in artificial intelligence (AI). AI has the potential to revolutionise healthcare by improving…
Junior doctors break strike to assist at sites hit by cyber attack

Junior doctors break strike to assist at sites hit by cyber attack

Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts continue to experience major disruption following the cyber attack on Synnovis.