Northern Lincolnshire cyber-attack likely ransomware

  • 2 December 2016
Northern Lincolnshire cyber-attack likely ransomware

A ransomware attack appears to be behind the four-day shut-down of a northern trust, that lead to the cancellation of nearly 3,000 patient appointments.

The latest board papers from Northern Lincolnshire and Goole NHS Foundation Trust show the 30 October was a “variant of a malware package” that infected its systems through a “remote intruder”.

A report adds that even though the attack was halted, “data elements on a number of trust servers were encrypted”, suggesting that the attack involved ransomware.

Northern Lincolnshire and Goole detected the virus on a Sunday and responded by shutting down the majority of its IT systems on the basis of "expert advice" that this would help isolate and destroy the virus.

The major incident lasted another three days, with a total of 2,800 patient appointments being cancelled, before the systems could be safely restored.

Even in late November, the board papers said the “technical recovery” was ongoing. However, a trust spokesperson said on Thursday that all the systems were now up and running.

The attack is also being investigation by West Yorkshire Police, with a spokesperson telling Digital Health News on Thursday that inquiries were ongoing.

The virus hit all three of the trust’s major hospitals; Scunthorpe General, Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital.

Most operations and appointments were cancelled for four days, and patients were urged to only visit the emergency departments “if you absolutely need to”.

The nearby United Lincolnshire Hospitals NHS Trust, which shares four computer systems with its neighbour, was also affected, with some services cancelled as a “precautionary measure”.

Cyber-attacks are a growing concern within the NHS, where there is a big base of legacy IT systems that are particularly vulnerable.

Last month, the neighbouring Hull and East Yorkshire Hospitals NHS Trust published its current approach to cyber security, aimed at providing assurance to its board in the wake of the Northern Lincolnshire attack. 

The report says the trust's “biggest potential exposure is a ransomware attack”, which “can have a catastrophic impact”.

“Technical controls cannot prevent this,” the Hull and East Yorkshire report said.

Last year, NHS Digital set-up CareCert (the Care Computing Emergency Response Team) to help build resilience against cyber-attacks, both among individual trusts and across national IT infrastructure.

In September, the CareCERT unit started to offer new services to help trusts defend against cyber-attacks and a support team to help them respond to a successful attack.

During the Healthcare Efficiency through Technology show in London in September, NHS Digital's chief operating officer, Rob Shaw, said the organisation had uncovered widespread and frequent attacks on the NHS, with ransomware a particular issue.
 

READ MORE:
* Criminal investigation after trust downed in cyber attack
* Virus all but shuts down Northern Lincolnshire and Goole
* Dave WInder: Ransomware – it's over here

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.
How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.