lolloj - Fotolia
Most IT systems at Northern Lincolnshire and Goole Hospitals NHS Foundation Trust are now working normally after a computer virus outbreak.
The trust discovered a computer virus on Sunday 30 October, which led to it declaring a major incident, shutting down its IT systems and cancelling almost all planned operations and outpatient appointments for four days.
The trust operates three local hospitals – Scunthorpe General, the Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital – covering a population of 350,000 people.
In a statement on its website, the trust said that as of this morning (3 November), “the majority of our electronic systems are working” and it encouraged people to arrive for their appointments on time.
The trust has not divulged the nature of the virus, but local newspaper the Grimsby Telegraph reported that no ransom had been demanded and it appeared to be a completely random attack.
In an interview with Computer Weekly earlier this year, NHS Digital’s programme director for the care computing emergency response team (CareCERT), Dan Taylor, said NHS organsiations should not be afraid to acknowledge that cyber attacks will happen.
“Do we really think, in a digital world, that it won’t happen?” he said.
“We should not be afraid of acknowledging that something may happen. It’s the simple thing that if you don’t prepare for it and you have the mentality that it won’t happen, you’re not prepared.”
A study by security firm NCC Group found that 47% of NHS trusts in England admit having been targeted by ransomware attacks, while one single trust said it had never been targeted, and the rest refused to comment on the grounds of patient confidentiality. Only one trust said it had contacted the police about an attack.
Another survey, by IT security supplier Sophos, found that 75% of NHS organisations believed they were “protected against cyber crime”, and 84% said encryption was becoming a necessity. However, only 10% said encryption was “well established within the organisation”.
Rob Shaw, NHS Digital’s cyber security centre chief operating officer, announced earlier this year that the centre had developed 10 standards for cyber security in the NHS in order to improve security and public trust in the service.
“Although the amount of malicious traffic on the national NHS network [N3] is around the same level of other sectors at 0.3%, security and integrity of data in healthcare is absolutely critical,” said Shaw.
The NHS was the UK’s biggest victim of data breaches last year, mainly because of data leakage and hardware loss, according to the Information Commissioner’s Office (ICO).
Last year, the ICO gained the right to force audits on NHS authorities to ensure compliance with the Data Protection Act, and can serve notice on public authorities, including NHS organisations.