
NHS Lanarkshire recovers from ransomware attack

The Scottish health board was hit by a cyber attack over the weekend, affecting several IT systems and leading to cancelled operations and appointments

NHS Lanarkshire was hit by yet another cyber attack on Friday 25 August, which led to the health board having to shut down several IT systems as it worked to identify the source of the attack.

The Scottish health board, which was one of the worst affected in Scotland by the WannaCry attack earlier this year, detected malicious software in its IT systems on Friday afternoon.  

The attack led to the health board being forced to cancel a small number of operations and appointments, and Jane Burns, medical director for the acute division, asked people to “think” before coming to A&E, and only show up if it is “essential”, while the systems were down.

IT staff worked around the clock to reinstate the health board’s IT systems, and on Saturday 26 August, NHS Lanarkshire’s chief executive Calum Campbell said in a statement that they had “identified the source of the malware” and were continuing investigations “as to how this was able to infiltrate our network”.

“Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems have been affected, and these are in the process of being fixed,” he said.

According to the BBC, the cyber attack was caused by malware identified as Bitpaymer, a relatively new form of ransomware.

The trust added on its Facebook page that its security software was “up to date, but nothing offers 100% protection”, and told the BBC that “following analysis of the malware, our security providers issued an updated signature so that this variant can now be detected and blocked.”


The health board covers four hospitals as well as community and GP services. Campbell said he apologised to patients affected by the disruption and asked those attending hospital or out-of-hours services to “bear with us as they may experience longer waits than usual”.

A trust spokesperson added that the attack is nowhere near the scale of the WannaCry attack in May, which affected about 50 trusts in England, including hospitals, GP surgeries and pharmacies, as well as 13 NHS organisations in Scotland.  

The WannaCry attack highlighted the vulnerability of unpatched operating systems, as it exploited a vulnerability that had been patched by Microsoft two months before.

Cyber security support deal

Earlier this month, NHS Digital signed a cyber security support deal with Microsoft. The support agreement covers all NHS organisations in the UK until June 2018, and includes security updates for Windows XP, Windows Server 2003 and MS SQL 2005. 

Microsoft will also provide NHS Digital with a “centralised, managed and coordinated framework for the detection of malicious cyber activity through its enterprise threat detection software”.

Earlier this summer, the government also announced an investment boost in NHS data and cyber security above the £50m identified in the Spending Review to address key structural weaknesses, such as unsupported systems.

The additional funding is part of a package of measures to improve NHS cyber security, announced by the government in response to a review on data security and data sharing in the health and social care system by national data guardian Fiona Caldicott, published in July 2016. 
