3,000 computers infected and 441 Lancashire NHS appointments disrupted by cyber criminal attack

Around 3,000 computers at the Royal Preston and Chorley and South Ribble Hospitals were infected by the cyber attack which caused disruption across multiple NHS organisations, it has been revealed.

Lancashire Teaching Hospitals NHS Foundation Trust has also disclosed that 441 procedures and appointments were affected but “were quickly re-arranged.”

Paul Havey, deputy chief executive at Lancashire Teaching Hospitals, said: “We have taken steps to try to safeguard against any possible future risk and have further strengthened the cyber security suite that we have in place.

“We continue to work with NHS Digital to ensure that we follow any national guidance as and when it becomes available.

“Our staff worked around the clock to restore our systems as quickly as possible to ensure our services continued to run effectively and safely for our patients.”

The Johnston Press Investigations Unit submitted Freedom of Information requests to NHS hospital trusts throughout the country before the NHS WannaCry attack occurred, asking them about cyber attacks on their organisations.

Lancashire Teaching Hospitals refused the request as they felt it was exempt because disclosure could, or would be likely to, prejudice the prevention or detection of crime.

They also felt the information could be exploited for the purposes of ransomware, other malware, or to withhold and disrupt IT functionality within the trust and assist criminal offenders, seriously threatening the effective delivery of healthcare by the trust.

However, they have since revealed the information surrounding the aftermath of the WannaCry attack.

Blackpool Teaching Hospitals also refused the request for information about attempted and successful cyber attacks, citing safeguarding national security and prevention and detection of crime.

A spokesman said: “If disclosed, this information could be used to identify ways of breaching our trust’s IT security which would thereby put us at increased risk of cyber attack.

“This would potentially put invaluable patient and staff data at risk which the trust has a legal duty to protect under the Data Protection Act and other confidential data which is essential to the running of trust services.”

However, a spokesman from Blackpool Teaching Hospitals said: “Staff at Blackpool Teaching Hospitals worked tirelessly to provide safe and effective care following the ransomware attack which began on Friday May 12.

“IT staff worked round the clock that weekend within the acute hospital, community settings and GP surgeries to restore systems to allow the service to continue to operate.

“On Saturday May 13, it was necessary to cancel a very small number of procedures and these patients were rescheduled. Emergency services were not compromised at any time.

“Not all systems were affected by the malware and we focussed on restoring those that were as quickly as possible.

“At no time was there any risk to patient safety as Blackpool Teaching Hospitals has a robust business continuity system.”

The Wrightington, Wigan and Leigh NHS Foundation Trust said it was targeted with 25,160 attempted attacks in 2015/16, followed by 60,570 in 2016/17 and a further 465 so far this year.

It confirmed the attacks were a mixture of standard malware and ransomware attempts.

But with no data lost, not a single one of the attacks was reported to police.

Six ransomware attacks took place on the University Hospitals of Morecambe Bay NHS Foundation Trust in the past three years, in which “data shared on individuals’ networks or shared drives was encrypted, which we restored from back up.” These incidents were reported by the trust to NHS Digital.

The Southport and Ormskirk Hospital NHS Trust confirmed it cancelled 42 operations and 3,047 appointments with the re-arranged appointments due to run until the end of this month.

A spokesman for the trust said: “Throughout the entire period, the trust protected the A&E department and the emergency and urgent elective surgery lists to ensure patient safety.”

The Bolton NHS Foundation Trust said it has been facing “continuous attacks” over the past five years, none of which had been successful.

The cyber attack hit numerous NHS organisations on May 12 this year. It led to patients being diverted from A&E and routine surgery being cancelled, and stopped vital equipment such as MRI and CT scanners from working.

It was initially believed only local NHS computers were affected, with The Blackpool Gazette and the Lancashire Post breaking the news early in the afternoon.

But it quickly became apparent the problem was much more widespread, crippling machines across the national health service network - and indeed around the world.

The WannaCry ransomware attack locked users’ files and demanded a $300 (£230) payment to re-open them.

More than 300,000 computers in 50 countries were affected and payments of around $80,000 were made to the attackers.

The 47 trusts in England that were affected by the WannaCry cyber attack had failed to install an IT security patch that would have protected their systems and had been sent to them the previous month by NHS Digital.

Dan Taylor, head of cyber security for NHS Digital, told a cyber security conference: “Forty-seven organisations didn’t listen because they were infected but a lot of organisations did.

“There are 30,000 to 40,000 organisations in health and just 47 were infected.”

He also said he believes the incident has made senior clinicians understand the link between cyber security and delivering services to patients.

“The big comment I heard time and time again was: ‘We didn’t realise how technology underpinned what we do, we didn’t even consider the ongoing impact of this kind of thing’.”

Mr Taylor said it is important for trusts to be open and honest about the impact of cyber attacks on their organisations.

He said: “Transparency is difficult because it sometimes leads to difficult questions.

“But we have found that if you are transparent in your data security, when you make mistakes patients are much more willing to forgive you because they know you are trying your best.

“We need patients and patients’ groups to see what we are doing.”

NHS Digital says successful cyber attacks should be reported to relevant law enforcement agencies and even unsuccessful incidents should be treated with the “utmost seriousness” and logged and reported to the authorities.

A spokesman said: “It is important that health and care organisations meet their obligations to report serious cyber incidents to NHS Digital and all relevant authorities in line with existing guidelines.

“Such incidents are not routinely published publicly due to security risks but occur rarely.

“In line with the recommendations from the National Data Guardian’s review into data security, consent and opt-outs, trusts should report serious cyber incidents to NHS Digital and all relevant law enforcement agencies.

“Any incident – whether successful or not – should be treated with the utmost seriousness.”