A New Form Of Ransomware Attacks UK Hospital

An NHS hospital group which suffered at the hands of May's WannaCry outbreak has fallen victim to another ransomware attack and has been forced to cancel a number of patient appointments as a result.

Malware was detected in NHS Lanarkshire IT systems on Friday 25 August and the cyber-attack has since been identified as a new variant of Bitpaymer ransomware.

Like other forms of ransomware, it encrypts files and holds them to ransom in exchange for a Bitcoin payment, although in this case, it's an unusually high fee of 50 Bitcoins, currently £168,155/$218,000. Those behind Bitpaymer also claim to have gathered "private sensitive data" from their victims and threaten to share it in the event of non-payment.

NHS Lanarkshire employs 12,000 staff across three hospitals Hairmyres, Monklands and Wishaw General Hospital, which provide healthcare services for the population of over 654,000 people in the North and South Lanarkshire regions. That figure makes it the third largest health board in Scotland.

Following the discovery of the infection on a handful number of systems, the hospital board says that IT staff worked over the weekend to secure and reinstate IT systems with the minimal possible disruption, although patients were asked to avoid attending Accident & Emergency unless the need was essential.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday 28th August," said NHS Lanarkshire chief executive Calum Campbell.

While almost all the systems that were affected were restored, back to normal, in a relatively short amount of time, a number of patient appointments had to be cancelled, but Lanarkshire assures those affected that they'll receive new dates soon.

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments," said Campbell.

NHS Lanarkshire is working with its IT service providers to investigate how the Bitpaymer infection managed to infiltrate its network - although it's likely that as is the case with most forms of ransomware, the payload would've been delivered with a phishing email.

The hospital group says its software and systems were up to date, but as this was a new strain of Bitpaymer, Lanarkshire's security provider has now issued an update to protect against the new strain.

Lanarkshire was one the NHS organisations most disrupted by the earlier WannaCry outbreak, which happened to particularly infected UK hospitals due to their unfortunate reliance on bespoke software and unsupported Windows operating systems.

However, hospitals are a popular target for ransomware attacks as the perpetrators know that the healthcare sector can't afford to not have access to their networks. Because of this, many cyber criminals will devise campaigns to specifically target hospitals - as demonstrated by recent Defray ransomware attacks.

ZD Net:

You Might Also Read:

Urgent: Investment In NHS Cybersecurity:

How Cybercrime Affects The Healthcare Industry:

« IoT For Business & Creating 'Digital Twins'
AI Attacks Are Just Around The Corner »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

CIRT.ME

CIRT.ME

National Computer Incident Response Team of Montenegro.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Intensity Analytics

Intensity Analytics

Intensity Analytics is a software firm that develops next-generation, physical user and entity behavioral authentication ("physical UEBA") security software technology.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Austrian Institute of Technology (AIT)

Austrian Institute of Technology (AIT)

AIT is Austria's largest research and technology organisation and a specialist in the key infrastructure issues of the future including data science and cybersecurity.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

Agio

Agio

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.