Northern Lincolnshire cyber-attack likely ransomware

  • 2 December 2016
Northern Lincolnshire cyber-attack likely ransomware

A ransomware attack appears to be behind the four-day shut-down of a northern trust, that lead to the cancellation of nearly 3,000 patient appointments.

The latest board papers from Northern Lincolnshire and Goole NHS Foundation Trust show the 30 October was a “variant of a malware package” that infected its systems through a “remote intruder”.

A report adds that even though the attack was halted, “data elements on a number of trust servers were encrypted”, suggesting that the attack involved ransomware.

Northern Lincolnshire and Goole detected the virus on a Sunday and responded by shutting down the majority of its IT systems on the basis of "expert advice" that this would help isolate and destroy the virus.

The major incident lasted another three days, with a total of 2,800 patient appointments being cancelled, before the systems could be safely restored.

Even in late November, the board papers said the “technical recovery” was ongoing. However, a trust spokesperson said on Thursday that all the systems were now up and running.

The attack is also being investigation by West Yorkshire Police, with a spokesperson telling Digital Health News on Thursday that inquiries were ongoing.

The virus hit all three of the trust’s major hospitals; Scunthorpe General, Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital.

Most operations and appointments were cancelled for four days, and patients were urged to only visit the emergency departments “if you absolutely need to”.

The nearby United Lincolnshire Hospitals NHS Trust, which shares four computer systems with its neighbour, was also affected, with some services cancelled as a “precautionary measure”.

Cyber-attacks are a growing concern within the NHS, where there is a big base of legacy IT systems that are particularly vulnerable.

Last month, the neighbouring Hull and East Yorkshire Hospitals NHS Trust published its current approach to cyber security, aimed at providing assurance to its board in the wake of the Northern Lincolnshire attack. 

The report says the trust's “biggest potential exposure is a ransomware attack”, which “can have a catastrophic impact”.

“Technical controls cannot prevent this,” the Hull and East Yorkshire report said.

Last year, NHS Digital set-up CareCert (the Care Computing Emergency Response Team) to help build resilience against cyber-attacks, both among individual trusts and across national IT infrastructure.

In September, the CareCERT unit started to offer new services to help trusts defend against cyber-attacks and a support team to help them respond to a successful attack.

During the Healthcare Efficiency through Technology show in London in September, NHS Digital's chief operating officer, Rob Shaw, said the organisation had uncovered widespread and frequent attacks on the NHS, with ransomware a particular issue.
 

READ MORE:
* Criminal investigation after trust downed in cyber attack
* Virus all but shuts down Northern Lincolnshire and Goole
* Dave WInder: Ransomware – it's over here

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups for people with blood disorders have raised concerns about NHS England plans to combine clinical registries in a single platform.
Harnessing AI and cybersecurity to transform healthcare in the UK

Harnessing AI and cybersecurity to transform healthcare in the UK

The UK healthcare sector is in a transformative era, driven by advancements in artificial intelligence (AI). AI has the potential to revolutionise healthcare by improving…
Junior doctors break strike to assist at sites hit by cyber attack

Junior doctors break strike to assist at sites hit by cyber attack

Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts continue to experience major disruption following the cyber attack on Synnovis.