Cyberattack on NHS Barts Health Trust concerns management but wasn't ransomware

New Royal London Hospital under construction Matt Brown, Pixabay.com, cc0 license

Thousands of patient files may have been downloaded from the Barts - but a spokesperson said it did not initially look as if patient data was stolen.

by John Mccormick

15 January 2017 at 08:10

Video of the Day: Blasting News

A recent cyberattack was only discovered on January 13 and initial fears were that it may have permitted hackers access to some of the Barts Health Trust computer systems or even planted ransomware.

Cyberattack not ransomware

Initially it was feared that the attack was part of an attempt to encrypt files and demand a ransom to release them. This actually occurred in the Northern Lincolnshire and Goole Foundation Trust during a cyberattack last October - the Trust refused to pay the ransom and had to cancel some services until files could be restored from backups.

Ransomware is a fairly recent development in cybercrime where hackers penetrate a system with mission critical files and encrypt them, then demand payment before they send the information needed to decrypt the files which aren't actually stolen, just scrambled on the original system.

Barts Health Trust

Barts is the largest NHS hospital trust serving The Royal London, St. Bartholomew’s, Whipps Cross, and Newham hospitals

St. Barts Hospital is, of course famous from the original Sherlock Holmes stories as well as the Sherlock TV show but it isn't a mythical location, rather it is a major hospital in London and has a venerable medical school.

It is believed that Saint Bartholomew was the first hospital to make use of the recently discovered X-rays to actually diagnose patients.

St. Bartholomew Medical School is also known for having graduated many well-known doctors as well as Monty Python’s Graham Chapman.

No patients at risk

Unlike other incidents where patient data was stolen or hospital operations were interfered with, despite initial concerns a Barts Health Ttrust spokesperson told the Evening Standard that it wasn’t thought that any patient data had been compromised in the week’s attack.

Although Saturday morning following the discovery all hospital operations were on schedule, a number of computer files stored on hard drives were kept offline just in case there was hidden malware which hadn’t yet been discovered.

Earlier cyberattack

The Bart’s Trust computer system was the object of a cyberattack by hackers in 2008.

A report in The Telegraph indicates that the trust still uses the Microsoft XP operating system which was probably also part of the system in 2008, but there are no reports yet as to whether it was the operating system or a faulty firewall configuration of other hole in the security. The usual way for criminals to enter a system is by tricking system users to open email attachments with hidden malware which opens access to the system for outsiders. This sort of social engineering is the most common way of hacking into a system and has been used to plant a virus or other malware such as a keystroke recorder since the early days of email. Virtually all operating systems and especially Microsoft systems are vulnerable to these attacks.

Content sponsored by Outbrain