Misconfigured firewall blamed for hospital ransomware infection

Northern Lincolnshire and Goole NHS Foundation Trust blames "a misconfiguration of the firewall" for a cyberattack which resulted in 2,800 appointment cancellations.
Written by Danny Palmer, Senior Writer

Globe2 ransomware took the hospitals in the Northern Lincolnshire and Goole NHS Foundation Trust offline for four days.

Image: NHS

A ransomware attack which took a hospital offline for four days and resulted in the cancellation of 2,800 patient appointments has been blamed on a misconfigured firewall.

The Northern Lincolnshire and Goole NHS Foundation Trust declared a "major incident" after a "computer virus" infected its systems on Sunday, 30 October, and full service didn't resume until Wednesday, 2 November.

Clinical systems across the Trust's three hospitals were shut down as staff attempted to contain the incident, which was later revealed to have been caused by a Globe2 ransomware infection. Northern Lincolnshire said it didn't pay cybercriminals a ransom in order to restore its systems.

Now newly released minutes from a Trust board meeting reveals that cybersecurity company NCC is investigating the incident and that "a misconfiguration of the firewall" was the biggest issue which led to hospital systems becoming infected.

According to the minutes of the meeting, an order had been made to fix the fault, "but the attack happened before the necessary work on weakest parts of the system had been completed".

Northern Lincolnshire NHS Trust isn't releasing the NCC report about the cyberattack and a spokesperson wouldn't comment on what the misconfiguration was "due to the ongoing police investigation".

However, the board papers say there's no evidence that any data on the systems has been viewed or stolen and that the Trust is following various recommendations from NCC on how to avoid falling foul of future attacks.

Northern Lincolnshire NHS Trust's systems are set to undergo penetration testing, and hospital staff will be trained on cybersecurity awareness. The training will include helping them identify emails asking them to share login details and passwords -- a common method of attack used in phishing attacks.

Hospitals are an appealing target for cybercriminals to attack, not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital and sensitive.

The largest hospital group in the UK, Barts Health NHS Trust, was recently forced to take systems offline as a precaution in after being hit by a Trojan malware cyberattack.

Read more on cybercrime

Editorial standards