Ransomware attack blamed on misconfigured firewall

  • 1 February 2017
Ransomware attack blamed on misconfigured firewall

The ransomware attack that shut down a northern trust for four days has been blamed on a misconfigured firewall, according to a cyber-security review.

IT systems at Northern Lincolnshire and Goole NHS Foundation Trust were hit with a ransomware virus, known as Globe2, on 30 October, 2016.

To prevent the virus spreading, the trust shut most of its clinical systems for four days, resulting in 2,800 patient appointment cancellations, The attack has also sparked an ongoing police investigation.

The trust's January board papers reveal it hired a cyber-security company NCC to conduct a review of the ransomware attack.

In a summary of the findings, which the trust has refused to release in full, the trust said NCC found “no evidence that any data has been viewed, stolen or removed” as result of the ransomware attack.

Instead, the review found “the biggest issue which caused this [the ransomware attack] was a misconfiguration of the firewall”.

The trust was aware of the firewall fault before the ransomware attack, the report found. However, the attack occurred “before the necessary work on weakest parts of the system had been completed”.

A trust spokeswoman refused to comment further on the report, citing the ongoing police investigation.

The NCC report gave a list of recommendations, a fill list of which the trust also refused to release.

However, the board papers said all recommendations had been accepted with the exception of placing black boxes at its two hospitals “for monitoring”. That recommendation was deemed too expensive.

Other recommendations that were disclosed included penetration testing and gauging staff's cyber-security awareness by sending test emails requesting their passwords.

Many trusts have been re-evaluating the cyber security arrangements in the wake of the Northern Lincolnshire and Goole attack, including Sheffield Teaching Hospitals NHS Foundation Trust which overhauled its IT strategy to reflect cyber threats.

Trusts that have recently reviewed their cyber security include; Norfolk and Norwich University Hospitals, North Tees and Hartlepool, and Cheshire and Wirral NHS foundation trusts, among others.

The moves comes against a backdrop of a rising cyber-security threat for the NHS, with concerns that many trusts still rely on legacy IT systems, such as Windows XP, that are vulnerable to attack.

Digital Health Intelligence maintains a database of the administrative and clinical systems in use at trusts, and uses this to calculate a clinical digital maturity index score for them. Northern Lincolnshire and Goole NHS Foundation Trust (log-in required) has a score of 87 and is ranked 19 (out of 153 acute trusts).
 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Alder Hey Children's NHS Foundation Trust has announced that the cyber attack it suffered last week has impacted two more hospitals.
Synnovis staff to strike following ‘alarming impact’ of cyber attack

Synnovis staff to strike following ‘alarming impact’ of cyber attack

Staff working for NHS pathology provider Synnovis have announced plans to strike for five days, following a major cyber attack in June 2024.
Major cyber security incident declared at Merseyside hospital

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.