One of the country’s biggest trusts, one of 27 that admitted to being attacked, was bombarded with 19 ransomware attacks in 12 months.
In response to a Freedom of Information Act request, Imperial College Healthcare NHS Trust disclosed that it had been targeted by ransomware at a rate of more than once a month in the 12 months to 1 July 2016.
No other trusts that responded to the FOI requests, filed by cyber security firm SentinelOne, disclosed more than five attacks in the 12 months.
In a statement provided to Digital Health News, a trust spokeswoman said: “The trust takes the security of its network extremely seriously and has measures in place to respond to attacks. All ransomware attacks on the trust have been successfully recovered from with no effect on services, no ransom paid and no data lost.”
Imperial is one of the biggest trusts in the country, covering five hospitals in central and west London.
Digital Health News understands that there have been no ransomware attacks at Imperial since July, coinciding with the switch to the new, more secure, NHSmail 2 service.
Overall, 129 trusts were approached for figures on their number of ransomware attacks. Of the 94 that responded, 27 disclosed that “an external hacker encrypted a PC or device or network within your organisation and demanded payment in order to decrypt the device”.
Of these, 22 trusts said an attack had occurred in the past year, but none admitted to paying a ransom, with most relying on back-ups to replace encrypted data.
Most ransomware disclosed by trusts used a phishing attack, essentially an email designed to deceive users into disclosing log-in, password or other sensitive details, and then gained access to the trust’s data through a networked device.
Phishing attacks are becoming increasingly sophisticated and targeted, using a person’s social media and other online disclosures to tailor the attack.
Last year an NHS Digital staff member was caught by such a spear phishing email, purportedly from an old friend.
NHSmail accounts have been compromised on several occasions, most recently in December, and used to send millions of phishing emails from a seemingly trustworthy source.
The cost of a ransomware attack, even when data is not lost, can be high, as trusts can be forced to shut down their IT systems until the virus is isolated.
In October last year, Northern Lincolnshire and Goole NHS Foundation Trust shut down most of its electronic systems for four days to deal with a ransomware attack, forcing the cancellation of 2800 patient appointments.
On 13 January, the biggest NHS trust in the country, Barts Health NHS Trust, shut down several IT systems after a suspected ransomware attack. The attack was later confirmed as Trojan malware, rather than ransomware.
Many trusts are currently reviewing their cyber security arrangements in light of recent attacks and more central support, through NHS Digital, for guarding against attacks.
Digital Health Intelligence is holding a Digital Health and Care Cyber Security Summit in London on 24 January.