Misconfigured firewall blamed for hospital ransomware infection
Globe2 ransomware took the hospitals in the Northern Lincolnshire and Goole NHS Foundation Trust offline for four days.
A ransomware attack which took a hospital offline for four days and resulted in the cancellation of 2,800 patient appointments has been blamed on a misconfigured firewall.
The Northern Lincolnshire and Goole NHS Foundation Trust declared a "major incident" after a "computer virus" infected its systems on Sunday, 30 October, and full service didn't resume until Wednesday, 2 November.
Clinical systems across the Trust's three hospitals were shut down as staff attempted to contain the incident, which was later revealed to have been caused by a Globe2 ransomware infection. Northern Lincolnshire said it didn't pay cybercriminals a ransom in order to restore its systems.
Now newly released minutes from a Trust board meeting reveals that cybersecurity company NCC is investigating the incident and that "a misconfiguration of the firewall" was the biggest issue which led to hospital systems becoming infected.
According to the minutes of the meeting, an order had been made to fix the fault, "but the attack happened before the necessary work on weakest parts of the system had been completed".
Northern Lincolnshire NHS Trust isn't releasing the NCC report about the cyberattack and a spokesperson wouldn't comment on what the misconfiguration was "due to the ongoing police investigation".
However, the board papers say there's no evidence that any data on the systems has been viewed or stolen and that the Trust is following various recommendations from NCC on how to avoid falling foul of future attacks.
Northern Lincolnshire NHS Trust's systems are set to undergo penetration testing, and hospital staff will be trained on cybersecurity awareness. The training will include helping them identify emails asking them to share login details and passwords -- a common method of attack used in phishing attacks.
Hospitals are an appealing target for cybercriminals to attack, not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital and sensitive.
The largest hospital group in the UK, Barts Health NHS Trust, was recently forced to take systems offline as a precaution in after being hit by a Trojan malware cyberattack.
Read more on cybercrime
- Hackers split on 'ethics' of ransomware attacks on hospitals
- This is how far phishers will go to make you click on a bogus link
- Report: 82% of hospitals fear they aren't prepared for mobile cyberattacks [TechRepublic]
- Easy to carry out, difficult to fight against: Why ransomware is booming
- Securing the human operating system: How to stop people being the weakest link in enterprise security