weerapat1003 - Fotolia

England’s largest NHS trust investigates cyber attack

A cyber attack on England's largest NHS trust has underlined the importance of cyber security at healthcare organisations and has raised renewed fears about NHS legacy IT systems

England’s largest NHS trust has launched an investigation into a cyber attack that forced systems to be taken offline briefly as a precautionary measure.

Initial reports on 13 January said Barts Health Trust, which runs five hospitals in east London, had been hit by a ransomware attack.

But the trust subsequently told the BBC that it had not been hit by malware that encrypts files and demands ransom to decrypt them, and that patient data was not accessed by the attackers.

Investigators are working to determine the nature of the attack and what systems were affected at the trust, which runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals.

“We have tried and tested contingency plans in place and are making every effort to ensure patient care will not be affected,” it said in a statement at the weekend.

In October 2016, three hospitals run by the Lincolnshire and Goole Foundation Trust were forced to cancel patient appointments and shut down systems for repairs after a ransomware attack.

The affected systems were reportedly restored without paying any ransom to cyber attackers.

The latest cyber attack on an NHS trust underlines the threat to healthcare organisations and has raised concerns that many NHS trusts still rely on legacy IT systems that are vulnerable to attack.

The number of ransomware attacks around the world increased rapidly in 2016, affecting a wide range of organisations, including several hospitals.

The trend is expected to continue this year, but security experts say ransomware attacks are likely to become more sophisticated and more targeted.

Read more about ransomware

  • Businesses still get caught by ransomware, even though straightforward avoidance methods exist.
  • Criminals used devices compromised for click fraud as the first step in a chain of infections leading to ransomware attacks, said security firm Damballa.
  • The first half of 2014 saw an increase in online attacks that lock up user data and hold it to ransom.
  • The Cryptolocker ransomware caught many enterprises off guard, but there is a defence strategy that works.

In response to a Freedom of Information request by NCC Group in 2016, 47% of NHS trusts in England admitted they had been targeted, just one trust said it had never been targeted, and the rest refused to comment on the grounds of patient confidentiality.

Another survey, by security firm Sophos, found that 75% of NHS organisations believed they were “protected against cyber crime”, and 84% said encryption was becoming a necessity. However, only 10% said encryption was “well established within the organisation”. 

Since the Northern Lincolnshire and Goole ransomware attack, several trusts have been reviewing their cyber security and bolstering their defences.

In November 2016, a Sky News investigation claimed that seven NHS trusts serving more than two million people had failed to spend any money on cyber security protection in the previous year.

The investigation reportedly found misconfigured email servers and outdated software and security certificates. Researchers also uncovered NHS trusts’ emails and passwords.

Freedom of Information requests from 97 NHS trusts revealed that the annual spend for a single trust was just over £23,000 and that 45 trusts were “unable to specify” their cyber security budgets. Seven said they had spent nothing.

Prioritised needs

Security consultant Jamie Moles of malware detection firm Lastline said NHS trusts understandably prioritised medical needs over administration and operational needs.

“But, while security remains a low priority for NHS management, they will increasingly fall victim to these kinds of threats, which would not be a serious problem except it has previously resulted in cancellation of treatments while the affected systems are investigated and cleaned up,” he told IBTimes UK.

“Moving forward, if we are to prevent these issues causing delays to treatment and potentially deaths, NHS trusts are going to have to invest in technology to deal with ransomware and other targeted malware based threats,” said Moles.

“There are plenty of good technologies available to assist in this issue and they can be scaled effectively and cost-efficiently to cope with massive organisations like the NHS. Unfortunately, Antivirus is not one of them.”

Aatish Pattni, head of threat prevention, northern Europe for security firm Check Point, said organisations needed to be able to prevent infections taking hold in the first place, by scanning for, blocking and filtering out suspicious content before it reached the network. 

“It is also essential that staff are educated about the potential risks of incoming emails from unknown parties, or suspicious-looking emails that appear to come from known contacts,” he said.

Read more on Hackers and cybercrime prevention