Hackers who breached Barts NHS Trust exploited a zero-day vulnerability

Pierluigi Paganini March 05, 2017

In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Hackers exploited a zero-day vulnerability.

In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline.

Barts Health Trust runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals.

The hackers used a malicious code to bypass security measured and compromise internal systems.

Shortly after the attack, Barts NHS Trust issued an initial report that confirmed its systems had been infected by ransomware, but further investigation allowed experts to discover that attackers exploited a zero-day vulnerability.

Barts NHS Trust took offline some systems as a precautionary measure and reported that patient data had not been affected by the attack.

Law enforcement and experts are still investigating the case, but the minutes related to a recent board meeting disclosed some new information.

The malware infected all the sites run by the Barts Health Trust except Whipps Cross. The incident response worked correctly and the malware was promptly contained. The malware infected pathology systems, internal personnel switched in manual mode its operations.

“An IT virus had affected the Trust’s networks during January 2017. It was confirmed that this had affected all sites, except Whipps Cross but that the response had been effective and the Trust had swiftly returned to business as usual.” reads the minutes.”The virus had affected pathology systems (requiring the temporary use of manual systems), but no other IT systems used to deliver clinical care. A serious incident investigation was under way and further details would be shared once this had concluded.”

According to Deputy chief executive Tim Peachey, the malware that hit the systems wasn’t a ransomware, and no patient information systems had been compromised. He confirmed that the malware was able to bypass antivirus software because it had not been seen before and leveraged a zero-day exploit.

Barts NHS Trust

The software supplier for the infected application patched the flaw and issued a security patch within 8 hours.

Unfortunately, the number of cyber attacks on hospitals continues to increase and ransomware is among the most dangerous threats to this critical infrastructure.

In November 2016, a malware compromised the National Health Service (NHS) network, hundreds of scheduled operations, appointments, and diagnostic procedures have been canceled.

The hospitals hit by the malware-based attack are all located in the Lincolnshire, in England. In response to the incident, the IT staff shut down all the systems within its shared IT network aiming to “isolate and destroy” the malware.

Some patients, including major trauma patients, were diverted to the neighboring hospitals. The hospitals affected by the incident were the Diana Princess of Wales in Grimsby, Scunthorpe general and Goole and District.

Who will be the next?

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Barts NHS Trust, zero-day)

you might also like

leave a comment