Posted on October 10, 2016 by staff

NHS Digital reveals hospital trust ransomware attacks


NHS Digital has acknowledged that NHS Trusts are being hit by ransomware attacks.

A report in the i newspaper at the weekend, citing research by Manchester-based IT security firm NCC Group, claimed at least 28 NHS trusts in England had been affected in the last year.

NCC said the true figure may be much higher as the majority of trusts either declined to provide information or did not respond to the Freedom of Information Act requests.

Ransomware is a form of malware that encrypts computer files and then demands ransom – usually payable in Bitcoin currency – for their release.

Most commonly, ransomware travels via email or hides in downloads and programs from sources that have been corrupted.

Twenty of the trusts did not pay the ransom while eight declined to say whether they had paid.

NHS Digital said the number of attacks that had been reported to it was “fewer than five”.

“In the last year there have been fewer than five reports of ransomware attacks on individual machines on a network used by around two million people,” it said.

“In all reported cases, effective and swift action was taken and no ransoms have been paid.”

NHS Digital recently pledged to foster a cyber security-oriented culture in healthcare as hospitals come under increasing attacks from cyber criminals.

Ollie Whitehouse, technical director of NCC Group, said: “The Health Service is by no means alone in facing this kind of attack.

“But NHS trusts are being increasingly targeted and any loss of patient data would be a nightmare scenario.”

Software security specialists Kaspersky Lab reported a 17.7 per cent rise in worldwide ransomware attacks in the 12 months leading up to March 2016, a total of 2.32 million upon an estimated 58 per cent of corporate PCs worldwide.

It has also emerged that the cyber gangs are employing customer services teams and are willing to negotiate on price and deadline.

There could soon be more malicious attacks coming – but cyber security firms have teamed up with Dutch police and Europol to launch a website dedicated to fighting the surge.