REVIEW: One month on from WannaCry ransomware attack
- 13 June 2017
Digital Health News provides you with the latest from some of the affected trusts.
Monday was one month on from the WannaCry ransomware attack that floored parts of the NHS, with a total of 47 trusts affected.
Some trusts were forced to divert ambulances, cancel appointments and resort to using pen and paper, and one source is estimating it will be a million pound recovery bill for their trust.
However, it is now clear that part of the disruption across the country was also due to trusts shutting down their systems in a preventative measure.
Kettering General Hospital NHS Foundation Trust
One such trust, Kettering General Hospital NHS Foundation Trust, has provided a detailed time line in its May board papers of how it dealt with the cyber-attack.
The board papers show the trust disconnected itself from the N3, set up a Whatsapp group for senior leaders and e-mail taking offline.
On 12 May at 3:15pm, 15 minutes after the trust was notified of a “major cybersecurity incident” the trust e-mail was taken offline, and at 3:30pm all email inbound and outbound traffic was disabled.
Following discussions both within the trust, and outside, the external N3 connections were disabled at 4:10pm.
By disconnecting with the N3 network the following systems that became unavailable included internet, PACS/RIS, summary care records and chemotherapy prescribing.
A “KGH Incident” Whatsapp group was set up at 5:30pm on Friday to “assist command and control including executive directors, clinical leads and IT management”.
Throughout the weekend, connectivity was gradually restored and on Tuesday at 11:00am the trust reconnected to the N3 network. It took several hours for systems to catch up and synchronise.
Vicki Arnold, the trust’s IT director, provided a statement to Digital Health News that said, “whilst clarity was sought about the vulnerabilities being exploited, as a precaution the trust disconnected itself from the national network (N3)”.
“The trust only cancelled one clinic over the entire period we were affected, and whilst this in itself was regrettable, it is testament to the resilience of our teams that it was only one clinic.”
Arnold thanked all the staff for their hard work, and noted that the trust’s systems did not get infected with the Microsoft patch being deployed on the majority of PCs in March.
Cambridge University Hospitals NHS Foundation Trust
Another trust that remained uninfected but still took precautionary measures was global digital exemplar trust, Cambridge University Hospitals NHS Foundation Trust.
The impact on the trust was compounded by neighbouring trauma units and major trauma units being infected, and therefore ambulances diverted.
The trust’s June board papers said the trust blocked all external e-mail for five days and patched 98% of all end users PCs.
The report added that “communication from NHS England could have been better coordinated, particularly at the beginning of the incident”.
“The trust was not formally notified that NHS England had declared a major incident and their expectations of the trust.”
One of the learning points was that NHS England co-ordination is required from the outset.
“During such events the incident is not confined to those directly impacted and all trusts should therefore be engaged with.”
Barts Health NHS Trust
Barts Health is now fully operational. The largest trust in England was one of the hardest hit having to redirect ambulances away from its three A&E units for six days.
It provided a daily, detailed statement on its website from May 13 to 25 informing patients of its status in relation to the incident.
A Barts spokeswoman confirmed to Digital Health News that “all clinical and non-clinical systems at Barts Health NHS Trust are now back online following the cyber attack that affected much of the NHS on 12 May 2017.”
On 25 May it was steadily bringing its clinical systems back online, with imaging and pathology services running as normal.
Barts was only just recovering from a massive network failure at the end of April which had left staff without access to pathology and diagnostic imaging.
Click here to view Digital Health News’guide on how to protect yourself from ransomware