Largest NHS Trust hit by “major” cyberattack
Barts Health NHS Trust—the largest in Britain—with press reports of thousands of sensitive files compromised and pathology systems taken offline has been hit by a major cyberattack. The Barts Health Trust which serves 2.5 million people across east London initially warned that its five hospitals were experiencing a ransomware attack. This is when malicious software blocks access to systems until a sum of money is paid to the hackers.
Hours later the trust said that the attack did not involve ransomware but some IT systems were shut down as a precaution. Although the trust did not release further details, press reports said that files on obsolete Windows XP had been infected. Barts said that its main patient record system and clinical system for radiology were not affected but confirmed that its pathology IT systems had been hit. They are used to process blood tests and other results.
Healthcare publications including Hospital Times have reported widespread concerns among cyber security specialists that patients are being put at risk by the nine out of 10 NHS trusts. These trusts continue to use Windows XP 15 years after its release. Microsoft support for Windows XP ended on April 8, 2014 after which there has been no more security updates or technical support for the operating system.
Mike Hanley, who is Director of Duo Labs at the advanced security research and analysis team at Duo Security, has recently published research analysing more than 2 million devices (see Hospital Times December 2016 page 15). He said that of all the devices running Microsoft browsers analysed in his firm’s research only 3 per cent use the latest, Edge.