Scotland Hospital falls victim to ransomware attack -- again

Technology > Security

Photo by: Motormille2 via Wikimedia Commons


NHS Lanarkshire hospital fell victim to a ransomware hack for the second time in recent months.  The UK hospital was initially hit by the WannaCry attack.

Last week hospital cybersecurity detected the attack and was forced to cancel several appointments for patients that day.  The new variant of this Bitpaymer ransomware encrypts files to hold for ransom like previous versions; however, this one also swallows "private sensitive data" and threatens to spread the sensitive information out to the public if the payment of 50 Bitcoins, or about $218,000 from the hospital isn't made.  This, according to Danny Palmer of ZDNet.  

Lanarkshire is the third-largest health board in Scotland, treating over 654,000 people living the surrounding areas.  It also employs about 12,000 staff.  

Medical Director for the acute division Dr. Jane Burns urged patients not to come last Friday after the threat was found.  According to a Facebook post she said not to come "unless it is essential," writing, "If you do turn up at A&E and do not require emergency care you may be sent away from the department or you may experience a lengthy wait." She added, "Emergency care will still be provided for those who do require to be seen."

Calum Campbell, hospital chief executive also wrote in a Facebook post that the hospital had identified the source of the malware, and was investigating how it was able to infiltrate the network. Ultimately, the attack impacted only a few systems, according to Campbell, and staff were able to minimize the impact on patients and keep most services running.  He wrote, "Unfortunately a small number of procedures and appointments have been canceled as a result of the incident," explaining "I would like to apologize to anyone who has been affected by this disruption, however, I can assure you that work is already underway to reappoint patients."

Palmer says the malware likely came from a phishing email, which is how most ransomware are infecting systems these days.  Although NHS Lanarkshire’s systems were said to be up to date, this is allegedly a new strain of Bitpaymer.  According to the hospital, they have received an update from their security provider to protect against Bitpaymer now.

According to ZDNet here are some ways hospitals and other healthcare facilities can protect their information.

* Monitor the internet for dumped user credentials and new attacks.

* Train employees to report malicious emails.

* Build controls that assume compromised credentials.

* Monitor externally accessible servers, such as a mail server of VPN, for unusual activity.


Healthcare organizations and hospitals are said to have the highest vulnerability to ransomware attacks.