Roughly 1,000 patients are set to be impacted by widespread cancellations at three UK hospitals managed by the North Lincolnshire and Goole trust after a computer virus infected critical systems and resulted in officials having to declare a “major incident.”
The NHS hospitals in question, the Diana Princess of Wales in Grimsby, Scunthorpe general and Goole and District, identified the issues on 30 October and urgently called in cybersecurity specialists to investigate the problems – which remain ongoing at the time of writing.
Dr Karen Dunderdale, the trust’s deputy chief executive, said: “A virus infected our electronic systems yesterday and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it.
“Planned operations, outpatient appointments and diagnostic procedures have been cancelled for today and tomorrow.
“All adult patients should presume their appointment / procedure has been cancelled unless they are contacted. Those who turn up will be turned away. Inpatients will continue to be cared for and discharged as soon as they are medically fit. Major trauma cases will be diverted to neighbouring hospitals, as will high-risk women in labour.”
The strain of computer virus remains unclear however it bears the trademarks of a ransomware attack, where hackers infect a system and shut down critical computer networks until money is paid to regain access.
“We are reviewing the situation on an hourly basis,” Dunderdale continued. “Our clinicians will continue to see, treat and operate on those patients who would be at significant clinical risk should their treatment be delayed. Further updates will be posted on the trust website and social media channels. We would like to apologise to all patients who are affected.”
This isn’t the first time NHS institutions have been targeted by cybercriminals. According to cybersecurity firm NCC Group, which questioned 60 NHS Trusts earlier this year, nearly 50% of them had faced ransomware infections in 2015. In one recent case, a hospital in the US was forced to pay $17,000 to cybercriminals to regain access to its computer networks.
Posted to each of the hospitals Twitter profiles was a series of updates. The latest reads: “Major incident: Got an appointment Tue? Unless you have been contacted today to say it is going ahead please presume it is cancelled.”
Another stated: “Patients will still be treated at our emergency departments but may face longer delays than usual. Due to come in for an appointment today? Please assume it is cancelled due to a major incident unless we have called you or it is antenatal.”
Ed Macnair, the chief executive of cloud security firm CensorNet, said: “While the details surrounding this attack are scant it shows just how delicate much of our infrastructure is […] the NHS holds hugely personal information about patients and the consequences of that getting into the wrong hands could be devastating.
“While there’s every chance this particular attack targeted the trust maliciously, it’s just as possible that the virus came from someone clicking the wrong link or visiting the wrong website. Simply, anything remotely suspicious needs to be blocked. Sadly there’s always going to be threats that slip through the cracks.”
As previously reported, statistics released by Big Brother Watch said the NHS faces up to 2,000 data breaches a year. Between 2011 and 2014, based on figures gathered via Freedom of Information requests, it faced 124 incidents “related to IT systems.”
International Business Times