Ransomware attack blamed on misconfigured firewall

  • 1 February 2017
Ransomware attack blamed on misconfigured firewall

The ransomware attack that shut down a northern trust for four days has been blamed on a misconfigured firewall, according to a cyber-security review.

IT systems at Northern Lincolnshire and Goole NHS Foundation Trust were hit with a ransomware virus, known as Globe2, on 30 October, 2016.

To prevent the virus spreading, the trust shut most of its clinical systems for four days, resulting in 2,800 patient appointment cancellations, The attack has also sparked an ongoing police investigation.

The trust's January board papers reveal it hired a cyber-security company NCC to conduct a review of the ransomware attack.

In a summary of the findings, which the trust has refused to release in full, the trust said NCC found “no evidence that any data has been viewed, stolen or removed” as result of the ransomware attack.

Instead, the review found “the biggest issue which caused this [the ransomware attack] was a misconfiguration of the firewall”.

The trust was aware of the firewall fault before the ransomware attack, the report found. However, the attack occurred “before the necessary work on weakest parts of the system had been completed”.

A trust spokeswoman refused to comment further on the report, citing the ongoing police investigation.

The NCC report gave a list of recommendations, a fill list of which the trust also refused to release.

However, the board papers said all recommendations had been accepted with the exception of placing black boxes at its two hospitals “for monitoring”. That recommendation was deemed too expensive.

Other recommendations that were disclosed included penetration testing and gauging staff's cyber-security awareness by sending test emails requesting their passwords.

Many trusts have been re-evaluating the cyber security arrangements in the wake of the Northern Lincolnshire and Goole attack, including Sheffield Teaching Hospitals NHS Foundation Trust which overhauled its IT strategy to reflect cyber threats.

Trusts that have recently reviewed their cyber security include; Norfolk and Norwich University Hospitals, North Tees and Hartlepool, and Cheshire and Wirral NHS foundation trusts, among others.

The moves comes against a backdrop of a rising cyber-security threat for the NHS, with concerns that many trusts still rely on legacy IT systems, such as Windows XP, that are vulnerable to attack.

Digital Health Intelligence maintains a database of the administrative and clinical systems in use at trusts, and uses this to calculate a clinical digital maturity index score for them. Northern Lincolnshire and Goole NHS Foundation Trust (log-in required) has a score of 87 and is ranked 19 (out of 153 acute trusts).
 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.
How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.