A New Form Of Ransomware Attacks UK Hospital

An NHS hospital group which suffered at the hands of May's WannaCry outbreak has fallen victim to another ransomware attack and has been forced to cancel a number of patient appointments as a result.

Malware was detected in NHS Lanarkshire IT systems on Friday 25 August and the cyber-attack has since been identified as a new variant of Bitpaymer ransomware.

Like other forms of ransomware, it encrypts files and holds them to ransom in exchange for a Bitcoin payment, although in this case, it's an unusually high fee of 50 Bitcoins, currently £168,155/$218,000. Those behind Bitpaymer also claim to have gathered "private sensitive data" from their victims and threaten to share it in the event of non-payment.

NHS Lanarkshire employs 12,000 staff across three hospitals, Hairmyres, Monklands and Wishaw General Hospital, which provide healthcare services for a population of over 654,000 people in the North and South Lanarkshire regions. That figure makes it the third largest health board in Scotland.

Following the discovery of the infection on a handful of systems, the hospital board says that IT staff worked over the weekend to secure and reinstate IT systems with the minimum possible disruption, although patients were asked to avoid attending Accident & Emergency unless the need was essential.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday 28th August," said NHS Lanarkshire chief executive Calum Campbell.

While almost all the affected systems were restored to normal in a relatively short amount of time, a number of patient appointments had to be cancelled, but Lanarkshire assures those affected that they'll receive new dates soon.

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments," said Campbell.

NHS Lanarkshire is working with its IT service providers to investigate how the Bitpaymer infection managed to infiltrate its network - although it's likely that, as is the case with most forms of ransomware, the payload would've been delivered with a phishing email.

The hospital group says its software and systems were up to date, but as this was a new strain of Bitpaymer, Lanarkshire's security provider has now issued an update to protect against the new strain.

Lanarkshire was one of the NHS organisations most disrupted by the earlier WannaCry outbreak, which particularly infected UK hospitals due to their unfortunate reliance on bespoke software and unsupported Windows operating systems.

However, hospitals are a popular target for ransomware attacks as the perpetrators know that the healthcare sector can't afford to not have access to their networks. Because of this, many cyber criminals will devise campaigns to specifically target hospitals - as demonstrated by recent Defray ransomware attacks.

ZD Net:
