North Lincolnshire and Goole NHS Foundation Trust’s IT systems appear to be back up and running several days after a warning note on its main website revealed a “virus” infection had forced a shut down.
In an update to the original notice, the Trust said:
“The majority of our electronic systems are now back up and are working. If you are due to come in for an appointment, procedure, operation or scan on Thursday November 3, please attend.”
The initial infection appeared to happen last weekend, meaning the Trust and the hospitals it runs in Scunthorpe, Goole and Grimsby were forced to function with limited services for over half a week.
All operations, outpatient appointments and diagnostic procedures were cancelled as a precaution, and major trauma cases and “high risk women in labour” transferred to nearby hospitals as a result of the decision to pull the plug on IT systems.
Only antenatal clinics and chemotherapy alongside a skeleton A&E service are thought to have survived over the period – highlighting the importance of digital technologies to the smooth running of healthcare systems.
Although unconfirmed, it’s highly likely that the ‘virus’ infection was in fact a ransomware attack – there are few other cases in which IT managers take the decision to disconnect mission critical systems to prevent the spread of an infection.
Spencer Young, regional vice president at Imperva, argued that as long as victim organizations are willing to pay up, ransomware authors will continue to adapt their tools to make such attacks more effective with minimum effort.
“Organizations who hold patient record data should have good backup processes and real time file activity monitoring in place. The first one ensures that no long-term damage can be done either on a work station or a file share,” he explained.
“Second ensures that infected individual machines cannot affect file servers. The interesting thing about this attack vector is that it shows how simple ransomware is and how easy it is to inflict damage.”