Barts Hospital battles malware outbreak, insists it's not ransomware

News by Rene Millman

NHS trust denies that ransomware was spreading through systems as probe launched to ascertain extent and source of infection at its four hospitals.

The Barts Health Trust has confirmed that it has experienced an attack on its computer systems over the past few days but categorically denied that it was subject to a ransomware attack.

The Trust runs four hospitals in East London – The Royal London, St Bartholomew's, Whipps Cross, Mile End and Newham hospitals – and is England's largest NHS trust.

In a statement, a spokesperson for the trust said that it is continuing to urgently investigate this matter and has “taken a number of drives offline as a precautionary measure”.

“Importantly, we can now rule out ransomware as the root cause. We have also established that in addition to the Trust's core clinical system Cerner Millennium, Radiology and imaging from X-rays and scans continue to be used as normal. We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected,” said the spokesperson.

The trust has not said how many of its systems have been affected or if any patient data has been compromised. Earlier reports said its pathology service had been taken offline. It has been suggested that the continuing use of Windows XP in healthcare has put organisations at risk as this ageing operating system no longer receives any security updates.

The incident follows a similar attack on Northern Lincolnshire and Goole Foundation Trust in October, when ransomware was used to encrypt files on systems and then demand money to decrypt them. While the trust did not pay up, its systems had to be closed to allow removal of infected files.

Jonathan Martin, EMEA operations director at Anomali, told SC Media UK that when dealing with sensitive data, companies are at greater risk than most and therefore have a greater responsibility to ensure these types of attacks are mitigated. 

“Organisations, particularly those whose priority it is to preserve the nation's wellbeing, have to realise that not only will they be compromised in the future, they almost certainly already have been. So, we need to start thinking along different lines about how we deal with such breaches,” he said.

“Education of staff as well as adding in multiple sources of threat intelligence to monitor applications is a great place to start – this reduces the average 200+ days to identify a breach down to a much smaller number and distills malicious activity into actionable data that can help protect organisations going forward.”

John Bambenek, threat intelligence manager at Fidelis Cybersecurity, told SC that hopefully the trust will be able to recover.

“Cyber defence is essential, but it's no longer enough – organisations of all sizes need to invest in detecting threats as well. Only then will cyber-criminals be caught early enough to expel them from the network before serious damage is done,” he said.
