Aggressive ransomware blamed for NHS cyber-attack

Cyber Security, News

  • 5 December 2016
Aggressive ransomware blamed for NHS cyber-attack
Laura Stevens
December 1, 2016

The Globe2 ransomware virus has been singled out as the culprit in the cyber-attack that took down a northern NHS trust's systems for four days.

Northern Lincolnshire and Goole NHS Foundation Trust confirmed in a statement on Monday that the shutdown, which led to cancellations of 2800 appointments, was due to a variant of ransomeware called Globe2.

Globe2 works similarly to other ramsonware viruses, but uses a Blowfish data encryption, by ecrypting files and demanding money to release them. It has been described by security experts as very aggressive

Pam Clipson, director of strategy and planning at the trust, said: “Any potentially encrypted servers were checked and cleansed both prior to switching off and before returning to ‘live’ status”.

“The majority of our systems were up and running again within 48 hours.”

A trust spokesperson confirmed on Thursday that all the systems were now up and running.

The latest board papers from the trust show the 30 October attack infected the systems through a “remote intruder”, and that “data elements on a number of trust servers were encrypted”.

The attack is also being examined by West Yorkshire Police, with Clipson adding as the police’s investigation is “still in progress, it could be prejudicial to publish any further detail about the case, including the exact details of how the perpetrator gained access”.

When it hit, most operations and appointments were cancelled for four days, and patients were urged to only visit the emergency departments “if you absolutely need to”.

The outage affected all three of the trust’s major hospitals; Scunthorpe General, Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital.

This ransomware attack will add to the growing concern within the NHS of cyber-attacks, where there is a big base of legacy IT systems that are particularly vulnerable.

To help the NHS build its resilience, NHS Digital set up CareCert (the Care Computing Emergency Response Team) last year for both individual trusts and across national IT infrastructure.

In September, the CareCERT unit started to offer new services to help trusts defend against cyber-attacks and a support team to help them respond to a successful attack.

Clipson said the trust wanted to assure its patients and stakeholders that it “acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information at this time on the exact steps we have taken”.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Site visit: ONC course at Clatterbridge

Next News

New clinical IT framework launched

Related News

Two more Liverpool hospitals impacted by Alder Hey cyber attack
News December 5, 2024

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Alder Hey Children's NHS Foundation Trust has announced that the cyber attack it suffered last week has impacted two more hospitals.
Synnovis staff to strike following ‘alarming impact’ of cyber attack
News December 5, 2024

Synnovis staff to strike following ‘alarming impact’ of cyber attack

Staff working for NHS pathology provider Synnovis have announced plans to strike for five days, following a major cyber attack in June 2024.
Major cyber security incident declared at Merseyside hospital
News November 26, 2024

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.