Aggressive ransomware blamed for NHS cyber-attack
- 5 December 2016
The Globe2 ransomware virus has been singled out as the culprit in the cyber-attack that took down a northern NHS trust's systems for four days.
Northern Lincolnshire and Goole NHS Foundation Trust confirmed in a statement on Monday that the shutdown, which led to cancellations of 2800 appointments, was due to a variant of ransomeware called Globe2.
Globe2 works similarly to other ramsonware viruses, but uses a Blowfish data encryption, by ecrypting files and demanding money to release them. It has been described by security experts as very aggressive.
Pam Clipson, director of strategy and planning at the trust, said: “Any potentially encrypted servers were checked and cleansed both prior to switching off and before returning to ‘live’ status”.
“The majority of our systems were up and running again within 48 hours.”
A trust spokesperson confirmed on Thursday that all the systems were now up and running.
The latest board papers from the trust show the 30 October attack infected the systems through a “remote intruder”, and that “data elements on a number of trust servers were encrypted”.
The attack is also being examined by West Yorkshire Police, with Clipson adding as the police’s investigation is “still in progress, it could be prejudicial to publish any further detail about the case, including the exact details of how the perpetrator gained access”.
When it hit, most operations and appointments were cancelled for four days, and patients were urged to only visit the emergency departments “if you absolutely need to”.
The outage affected all three of the trust’s major hospitals; Scunthorpe General, Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital.
This ransomware attack will add to the growing concern within the NHS of cyber-attacks, where there is a big base of legacy IT systems that are particularly vulnerable.
To help the NHS build its resilience, NHS Digital set up CareCert (the Care Computing Emergency Response Team) last year for both individual trusts and across national IT infrastructure.
In September, the CareCERT unit started to offer new services to help trusts defend against cyber-attacks and a support team to help them respond to a successful attack.
Clipson said the trust wanted to assure its patients and stakeholders that it “acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information at this time on the exact steps we have taken”.