Two-week wrap of the cyber-attack

  • 26 May 2017

Latest status on affected trusts

Friday marks two weeks since the global cyber-attack, and the extent of the 12 May incident is starting to be calculated.

Staffordshire and Stoke on Trent Partnership NHS Trust had a total of 120 appointments cancelled and delayed between 12 May and 16 May, according to a trust spokeswoman.

The trust could not estimate the financial cost of the recovery, as “the cost has not been established as yet”, she said.

One of the trusts that continued to be hit throughout the weekend was James Paget University Hospitals NHS Foundation Trust, with all patient operations and appointments back to schedule on Tuesday.

In the trust’s May board papers, details were provided about how the trust dealt with the ransomware virus. A full shutdown occurred, and face-to-face meetings were held with staff to keep them up to date with the dynamic situation.

“Some [staff] gave up their weekend and many have worked on limited sleep, particularly our IT team”, the report from chief executive Christine Allen said.

She also thanked the trust staff profusely.

The hardest hit trust from the cyber-attack, Barts Health NHS Trust, confirms it has now got most of its planned operations and clinics running.

Barts, which is the largest trust in England, suffered extreme ramifications from the attack.

In a statement released on the trust’s website on Thursday (25 May) it said: “We are steadily bringing our clinical systems back online, with imaging and pathology services now running as normal.”

The trust apologised to those affected by delays and cancellations and stated it will have staff work over weekends to provide rescheduled appointments.

“Although staff now have access to emails, it may take time for us to answer queries from members of the public due to a large backlog of messages to be processed. We apologise for the delay,” the statement said.

“It is too early at this stage to speculate about the causes of the disruption. Alongside other NHS organisations we will in due course hold an investigation into what happened on 12 May, and apply any lessons we learn. We always work closely with our anti-virus supplier to ensure testing and protection is up-to-date, and the anti-virus software is updated daily.”

On April 20, Barts was faced with another major incident – this time to its network.

A huge IT failure had left staff without access to pathology and diagnostic imaging. It also affected other critical clinical systems leading to disrupted services and cancelled appointments.

The situation was described as “complex”, with “a number of applications have been affected to varying degrees, such as chemotherapy prescribing and digital dictation systems”.

Barts serves about 2.5 million people living in East London.

Trusts re-evaluate protection plans

While some trusts were not directly hit by the ransomware attack, their board papers reveal that the incident has caused them to re-evaluate their cyber-attack prevention plans.

West Suffolk NHS Foundation Trust was not directly affected by the cyber-attack, but in its May board meeting the repercussions were apparent with the approval for a new firewall. The board paper stated it will “help protect the trust against the type of cyber-attack suffered in May”.

A trust spokeswoman said she was unable to confirm the cost of this, due to commercial confidentiality.

One of the biggest teaching trusts in the country, The Leeds Teaching Hospitals NHS Trust, had stated in its May board papers that “in the light of the cyber-attack in mid May, we cannot be over vigilant in this area”.

“It is important that we ask NHS England and NHS Improvement to share learnings from incidents in other trusts quickly.”

Leeds Teaching was already reviewing its cyber security prior to the 12 May attack. Digital Health News reported in April that a fake phishing email sent out to all staff fooled 400 NHS employees into replying with confidential information.

In the May papers, it said the review suggests the trust has “reasonable protection” but is “prone to human frailties in responding to suspicious emails”.

National Cyber Security Centre’s role in the ransomware attack

The attack also saw the National Cyber Security Centre (NCSC) play a role in the response. The centre became operational in October last year.

Ciaran Martin, its chief executive, told a cyber security conference on Thursday that during the incident the NCSC’s website saw 200,000 unique page views for general ransomware advice.

The NCSC’s cyber information sharing partnership (CiSP) portal received more than double its average weekly visits.

4 Comments

  • The issue I hope will be quantified is the clinical time lost due to downtime of the systems for emergency patching. In those 80% of Trusts who were unaffected, this patching was done as planned in clinical downtime, and this disruptive emergency patching was also applied to many GP and other Primary Care systems.
    While management may have formulae to estimate the financial equivalence of clinical time, actual hours or days lost will be more directly meaningful to most NHS staff and patients.

  • It’s going to be interesting to see the difference in repercussions resulting from a catastrophic IT event, both of which I believe will be shown to be largely preventable, and both result in significant harm, both financial and reputational, as well as possible clinical harm in the NHS.

    On the one hand British Airways, a commercial organisation where the senior executives will answer to its owners, the shareholders.

    On the other the NHS, where our equivalent of the Board is the MPs, as I can’t believe that the NEDs on the NHS board would actually have the power to throw the executives out.

  • What I know of these type of organisations is that they operate a very old school approach to IT and some are building their own internal IT industries / empires at great cost and inefficiency.

    They have the sort of mentality that would sooner host a website in their bedroom on an ADSL line than pay a professional hosting provider £10/month.

    They are terrified of the very notion of switching to a national NHS.net email system. It strikes fear and anger into their hearts. Yet even now whilst most of the NHS carries on they are struggling to recover and we see this happen time and time again.

    Why must they fight so hard to protect their local IT industry, at what cost and who benefits?
    It certainly isn’t the patients.

    • You’ve criticised NHSmail refusenik Trusts a few times now @Dan. A quick DIG for the MX records of the domains used shows that the national mail.nhs.net gateways are the sole ingress. I’ve also reviewed mail headers from Trusts that I’ve previously been in email contact with. Again, mail.nhs.net is the mail gateway. Mail routed through the gateway for non-@nhs.net domains gets scanned just as NHSmail2 mail.

      Flipping your argument: trusts running local Exchange domains were not affected by the farce that was #replyallgate

      What’s your concern?
