England’s largest NHS trust has been hit by a cyber attack, further highlighting how vulnerable healthcare systems are.
Barts Health Trust, which operates The Royal London, St Bartholomew’s, Whipps Cross, Mile End, and Newham hospitals has announced it is investigating a breach, but added that it has ruled out a ransomware attack as the cause.
While it has not revealed the extent of the attack, or which systems were involved, it believes no patient data was accessed.
A statement sasys: “We are urgently investigating this matter and have taken a number of drives offline as a precautionary measure.
"We have tried-and-tested contingency plans in place and are making every effort to ensure patient care will not be affected."
The incident follows a similar attack on the Northern Lincolnshire and Goole Foundation Trust in October, when malware was used to encrypt files on the trust's system. The culprits then demanded a ransom in order to access them again.
We have tried-and-tested contingency plans in place and are making every effort to ensure patient care will not be affected
While the trust did not pay out, services were interrupted as appointments had to be cancelled.
The latest incident further highlights the vulnerability of healthcare systems.
Speaking to BBH following the Barts attack, David Gibson, vice president of strategy and market development at software firm, Varonis, said: “The attack on the largest NHS hospital trust in England is another canary-in-the-coal-mine incident raising awareness for how much sensitive data is overexposed and at risk within organisations.
"Barts Health NHS has said it is following a contingency plan by taking offline the infected systems. However, the trust should be thanking the criminals for shining a big, bright spotlight on the holes in their defences that allowed them to attack in the first place.
Organisations should monitor their IT infrastructure, specifically users and the files and emails they can access, and then perform regular attestations of access rights to reduce unnecessary exposure
“If ransomware can temporarily halt productivity because it was spotted and stopped too far into the infection, only image what a malicious insider or external actor with co-opted credentials can do to an organisation and how long they can go undetected.
"Organisations should monitor their IT infrastructure, specifically users and the files and emails they can access, and then perform regular attestations of access rights to reduce unnecessary exposure.
“Additionally, organisations should employ a user behaviour analytics solution to look for, and stop, anomalous behaviour that indicates ransomware or other dangerous breaches."