A ransomware attack temporarily blocked St John Ambulance staff from accessing its systems, according to its website. At 9am on Tuesday July 2 2019, the attack was detected and was resolved within half an hour.
On its website, St John confirmed that a 'data incident' had taken place and had blocked its employees from accessing the system responsible for booking training courses. However, the organization is "confident" that data has not been shared outside of the company, and that it has informed the Information Commissioner's Office, the Charity Commission and the police of the attack.
Ransomware is a type of malware that gains access to files and systems, blocks them, and often requests a ransom to return access back to the organization. It is the same type of malware that was used as part of the WannaCry attacks on the UK's NHS, which cost the government £92m.
As part of its official FAQ on the attack, St John has confirmed that data such as a person's name, invoicing details and driving license data are among information compromised by the attack. However, those with credit card details are advised not to worry as they are handled by third-party, Barclaycard SmartPay.
“The only data that has been affected relates to our training course delivery,” says the website. “It does not cover supplies, events, ambulance operations, volunteering, volunteer, data, employee data, clinical data or patient data.
“We work as hard as we can to protect our data systems from these types of attacks and employ a range of third-party partners and cyber-crime solutions to continually update our protection.”
The attack comes as research was presented to the House of Lords on Tuesday July 2 2019, on the urgency to address cybersecurity risks within the NHS.
Javvad Malik, security awareness advocate at KnowBe4, commented that St John demonstrated a strong incident response, but that they still need to be vigilant: “It appears as if this ransomware attack is limited to a segregated training system and contains limited data. It's worth noting that SJA has demonstrated strong incident response procedures here with a transparent and timely response notifying the public, police, and the ICO.
“Beyond that, it's unclear how the ransomware infected the systems, but it wouldn't be surprising to hear that the infection arose from a phishing attack,” he continued. “This serves as a reminder that organizations should train their staff on being able to identify a phishing email and not click on malicious links.”