England’s biggest NHS trust says malware was behind a cyber-attack that forced the trust to shut down some IT systems for four days.

Barts Health NHS Trust told staff on Friday morning that it had shut down some of its IT systems to deal with “ransomware virus attack issues”. The trust later clarified that the attack was not ransomware.

In a statement issued on Monday afternoon, the trust said the attack was Trojan malware.

Trojan attacks usually rely on tricking a user into installing the malicious software, which can then be used to copy, block, delete or modify a user's data.

"The particular virus has never been seen before and, whilst it had the potential to do significant damage to computer network files, our measures to contain the virus were successful."

Do you have more information about this story? Contact ben@digitalhealth.net.

The trust confirmed all clinical system had now been restored, including the pathology systems were down for two days. The trust said, "it may take a day or so to deal with the backlog that built up during the short period when we processed requests manually".

A trust's file sharing system remained offline as engineering continued to check for affected files.

No pateint data had been compromised as result of the attack, the trust said.

"No patient data was affected, there was no unauthorised access to medical records, and our anti-virus protection has now been updated to prevent any recurrence."

A trust spokesperson said earlier reports that thousands of files had been infected were incorrect. She would not comment on how the malware had got into Barts' system but said the incident had been referred to NHS Digital, which would help other trusts be prepared.

Barts Health runs five hospitals in East London including Mile End Hospital, Newham University Hospital, The Royal London Hospital, St Bartholomew’s Hospital and Whipps Cross University Hospital. It has a yearly turnover of £1.25 billion and 15,000 staff.

The incident is the second major cyber-attack on an NHS trust in the past three months.

Police are still investigating a ransomware attack at Northern Lincolnshire and Goole NHS Foundation Trust in October, that all but shut down the trust systems for four days, resulting in the cancellation of 2800 appointments. The trust did not pay the ransom.

It also comes against a backdrop of a rising cyber-security threat for the NHS, with concerns that many trusts still rely on legacy IT systems, such as Windows XP, that are vulnerable to attack.

In response to a Freedom of Information Act lodged by NCC Group in last year, 28 NHS trusts confirmed that they had dealt with a ransomware attack in the past year.

Since the Northern Lincolnshire and Goole attack several trusts have been reviewing their cyber security and improving their resilience.

On Thursday, Digital Health News reported that Sheffield Teaching Hospitals NHS Foundation Trust's new information technology strategy identified cyber threats as the biggest digital risk it faced.

“The infection can come from anywhere, sometimes even a trusted source, and therefore we need to be extra vigilant as a cyber-attack could be a case of life or death.”

Pete Banham, a cyber resilience expert at cyber security company Mimecast, said the Barts Health attack "reads like a textbook example".

"Without proper technical controls, it only takes one person to open a malicious email attachment and the attacker is in."

Digital Health Intelligence is holding a Digital Health and Care Cyber Security Summit in London on 24 January. To learn more click here.

Related Content