A ransomware attack appears to be behind the four-day shut-down of a northern trust, that lead to the cancellation of nearly 3,000 patient appointments.

The latest board papers from Northern Lincolnshire and Goole NHS Foundation Trust show the 30 October was a “variant of a malware package” that infected its systems through a “remote intruder”.

A report adds that even though the attack was halted, “data elements on a number of trust servers were encrypted”, suggesting that the attack involved ransomware.

Northern Lincolnshire and Goole detected the virus on a Sunday and responded by shutting down the majority of its IT systems on the basis of "expert advice" that this would help isolate and destroy the virus.

The major incident lasted another three days, with a total of 2,800 patient appointments being cancelled, before the systems could be safely restored.

Even in late November, the board papers said the “technical recovery” was ongoing. However, a trust spokesperson said on Thursday that all the systems were now up and running.

The attack is also being investigation by West Yorkshire Police, with a spokesperson telling Digital Health News on Thursday that inquiries were ongoing.

The virus hit all three of the trust’s major hospitals; Scunthorpe General, Diana Princess of Wales Hospital in Grimsby, and Goole and District Hospital.

Most operations and appointments were cancelled for four days, and patients were urged to only visit the emergency departments “if you absolutely need to”.

The nearby United Lincolnshire Hospitals NHS Trust, which shares four computer systems with its neighbour, was also affected, with some services cancelled as a “precautionary measure”.

Cyber-attacks are a growing concern within the NHS, where there is a big base of legacy IT systems that are particularly vulnerable.

Last month, the neighbouring Hull and East Yorkshire Hospitals NHS Trust published its current approach to cyber security, aimed at providing assurance to its board in the wake of the Northern Lincolnshire attack. 

The report says the trust's “biggest potential exposure is a ransomware attack”, which “can have a catastrophic impact”.

“Technical controls cannot prevent this,” the Hull and East Yorkshire report said.

Last year, NHS Digital set-up CareCert (the Care Computing Emergency Response Team) to help build resilience against cyber-attacks, both among individual trusts and across national IT infrastructure.

In September, the CareCERT unit started to offer new services to help trusts defend against cyber-attacks and a support team to help them respond to a successful attack.

During the Healthcare Efficiency through Technology show in London in September, NHS Digital's chief operating officer, Rob Shaw, said the organisation had uncovered widespread and frequent attacks on the NHS, with ransomware a particular issue.

* Criminal investigation after trust downed in cyber attack
* Virus all but shuts down Northern Lincolnshire and Goole
* Dave WInder: Ransomware – it's over here