Hospitals of the National Health Service (NHS) network were paralyzed by a malware

Pierluigi Paganini November 03, 2016

A malware compromised the NHS network, hundreds of scheduled operations, appointments, and diagnostic procedures have been canceled.

The situation is becoming even more worrying and dangerous, healthcare  industry continues to be targeted by hackers and malware.

Cyber attacks on hospitals is a disconcerting trend emerged across the years, they represent a serious threat for data and patient health.

A cyber attack could paralyze a hospital with dramatic repercussion and unpredictable consequences.

On Sunday, a malware compromised the National Health Service (NHS) network, hundreds of scheduled operations, appointments, and diagnostic procedures have been canceled.

The hospitals hit by the malware-based attack are all located in the Lincolnshire, in England. In response to the incident, the IT staff shut down all the systems within its shared IT network aiming to “isolate and destroy” the malware.

Some patients, including major trauma patients, were diverted to the neighboring hospitals.

The hospitals affected by the incident are the Diana Princess of Wales in Grimsby, Scunthorpe general and Goole and District.

The Northern Lincolnshire and Goole NHS Foundation Trust (NLAG) announced that hospital systems in Scunthorpe and Grimsby were infected with a virus on October 30. The foundation classified the issue a ‘Major incident’ on its website and via Twitter.


“We have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it,” the NHS wrote on its website. “All planned operations, outpatient appointments and diagnostic procedures have been canceled for Wednesday, Nov. 2 with a small number of exceptions.”

At the time I was writing the situation is returning to normal, the major systems are up and running again. The NHS Trust has not provided further details on the malware-based attack neither on a possible data breach.

Security experts confirm that a growing number of cyber-attacks continue to hit hospitals threatening unpatched medical devices.

In late 2015, MaineGeneral Health, a new state of the art hospital located in Augusta, Maine, reported that it had fallen victim of a cyberattack that leaked the names, addresses, and phone numbers for patients of its radiology services since June 2009.  The attack is one of many in the past year where targeting of the medical industry, particularly hospitals, is on the rise.

Hollywood Presbyterian Hospital, Methodist Hospital in Henderson, Kentucky, Chino Valley Medical Center, and Desert Valle Hospital are just but a few of the medical facilities hit with a wave of Cryptolocker attacks, costing an untold amount in ransom and cleanup. Then there’s MedStar, the Washington D.C. based hospital chain whose infrastructure was crippled with a virus in late March.

Then there’s MedStar, the Washington D.C. based hospital chain whose infrastructure was crippled with a virus in late March.  According to one report some 35,000 employees could not access emails or access patient records.  Cybercriminals behind the attack demanded 45 Bitcoins, at the time worth US$45,000, to unlock its systems and threatened to destroy the private key used to encrypt MedStar’s data if payment wasn’t made within ten days.  Interestingly, the hackers also gave MedStar the option of releasing one computer at a time for 3 Bitcoins – how nice of them. It’s unknown whether or not MedStar paid the ransom or not but reported four days later they had recovered “90 percent of its functionality.”

The medical industry has become a fertile ground for cybercriminals and an industry that appears to be left lagging behind other critical infrastructures that have focused on hardening its networks for years, like the financial services industry.  Hospitals are a smorgasbord of the personal identifiable information and payment systems that make it attractive for snoops, thieves, and extortionists alike.

In February, two German hospitals were infected by a ransomware, in a similar way occurred at the US Hollywood Presbyterian Medical Center.

Back to the NHS Trust case, there is no news about the type of malware that hit the system, someone speculated the malicious code could likely be a ransomware that has previously targeted other hospitals and healthcare facilities.

Cyber security for critical infrastructure, and in particular for hospitals is a must for the cyber strategy of any government.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – NHS Hospitals, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment