Criminal investigation after trust downed in cyber attack
- 3 November 2016
Police are now investigating after a computer virus shut down three northern hospitals for four days.
Northern Lincolnshire and Goole NHS Foundation Trust had its electronic systems infected on Sunday. Most operations and appointments were cancelled from Sunday through to Wednesday.
On Thursday afternoon, a spokesman said the matter had now been handed over to the West Yorkshire Police. A police spokesman said “we are aware of the incident and investigating it as a crime” and police were working closely with the trust. More details were expected to be released next week.
Neither the trust and the police would comment further on the nature of the cyber attack.
Earlier on Thursday, services finally resumed at the trust after four days of disruptions, that result in nearly all appointment and operations being cancelled.
Karen Dunderdale, deputy chief executive, said in a statement at Thursday midday that “our key clinical systems are now operational. It is business as normal for all of our patients due to come in”.
"There continues to be a small number of linkages which enable our systems to talk to each which remain inconsistent," she said.
By Friday afternoon, a trust spokeswoman confirmed all systems were not operating normally and NHS Digital were also involved in an investigation into the attack.
The virus hit all three of the trust’s major hospitals; Scunthorpe General, Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital.
The infection also affected nearby United Lincolnshire Hospitals NHS Trust, which also shares four computer systems with its neighbour. A spokeswoman for the trust said while the virus had not infected its systems directly, some services were cancelled as a precautionary measure.
NHS Digital said it has, and will continue to, offer support and guidance to the trust.
In a statement the organisation said: “This issue highlights the fact that there are threats to data security within the health and care, as with any other sector.
“We remain committed to supporting the protection of data with the highest possible security standards, high levels of security expertise from the centre and appropriate training and awareness of the risks for all staff.”
The government has put increasingly resources into countering cyber-attacks on public infrastructure, public services, and the NHS. Several US health organisations have been subject to a ‘ransomware’ attacks where hackers hijack systems and hold the data hostage.
A local newspaper reported that no ransom is being demanded from Northern Lincolnshire and Goole.
Speaking at EHI Live 2016 in Birmingham, NHS Digital chief operating officer, Rob Shaw, told an audience that while “wasn’t a big massive attack in terms of how it manifested itself” it had had big impact.
“We will work with that trust and we have offered help to that trust to make sure they have remediated appropriately.”
The latest CQC report for Northern Lincolnshire and Goole says the trust requires improvement. However, it does note that the IT team there is award winning for its creation of the trust’s “WebV” virtual ward system.