Almost 30 NHS trusts may have been hit by so-called ransomware attacks in the past year, it has been reported this morning.

A story on the i website led a number of papers to report that 28 trusts in England had been victims of the attacks, in which hackers encrypt data and then seek to extort money to restore access.

The original source appears to be the NCC Group, which put out a release in August saying that it had made Freedom of Information Act requests to trusts, asking if they had been a victim of ransomware.

Some 60 trusts responded, with 31 declining the request. FoI responses on trust websites indicate that many refused on the grounds that releasing any information could “motivate assaults on the trust’s ICT infrastructure” or undermine confidence in the NHS’ ability to handle data.

Of the trusts that responded, 28 said they had been the victim of a ransomware attack in the past year, with a further trust saying it had been infected in the past.

The i said this morning that four of the incidents that were reported were significant enough for the trust in question to report them as a potential breach of data protection or confidentiality laws.

NHS Digital, the body which oversees cyber security for the health service, said attacks were on the increase.

However, it also told the i: “Incidents are rare and in the last year there have been fewer than five reports of ransomware attacks on individual machines on a network used by around two million people.”

As Digital Health News reported when it launched its new cyber security hub, ransomware is a significant issue in the US, where many healthcare insurers and providers have been targeted.

In one well-known attack, Hollywood Presbyterian Medical Centre in Los Angeles had to pay a ransom to get its systems unlocked. It said at the time that this was the “quickest and most efficient way to restore our systems and administrative functions.”

However, most security experts advise ransomware victims not to pay up, but to make sure they can always restore their systems from back-ups.

NCC Group warned in August that many ransomware attacks start with spear phishing, in which an individual is tricked into opening an email or attachment that gives the hacker access to systems.

Spear phishing also seems to have been behind the recent, successful attempt to break into the World Anti-Doping Agency’s database of tests on athletes.