'Previously unseen' malware behind cyberattack against UK's biggest hospital group

Despite being up-to-date, Barts Health NHS Trust's antivirus software didn't recognize a new threat as malicious. The vendor has since issued a patch.
Written by Danny Palmer, Senior Writer

The investigation into the cyberattack against Barts Health NHS Trust is still ongoing.

A malware attack which forced parts of the UK's largest hospital group offline has been blamed on a new form of malware, which bypassed antivirus software and infected the network.

A January cyberattack against Barts Health NHS Trust -- which incorporates five East London hospitals, 15,000 staff, and provides care to millions of patients a year -- resulted in a number of computer systems being shut down as a precaution.

As a result of the attack, the Barts Health pathology system was taken offline before eventually being restored a few days later. The hospital said the virus didn't gain access to patient data.

There's still no indication of how exactly the malware, which the trust said previously was a Trojan, managed to infiltrate hospital systems, but newly released minutes of the trust's 1 March board meeting shed some light on the malware itself.

Speaking in the meeting, deputy chief executive Dr Tim Peachey, who holds board-level responsibility for ICT, confirmed that the cyberattack didn't involve ransomware, but said the incident involved "a new virus not seen previously".

The minutes noted: "He explained that the trust's antivirus software had been up to date and that this had been a new virus not seen previously. A 'patch' had been issued globally within 8 hours, protecting other organisations from this virus."

A Barts Health NHS Trust spokesperson said the exact form of malware which infected systems couldn't be disclosed at this time due to an ongoing investigation into the incident.

The minutes also reveal that the virus affected four of the hospital's five sites: Mile End Hospital, Newham University Hospital, The Royal London Hospital, and St Bartholomew's Hospital. Whipps Cross University Hospital was the only trust location which was not infected.

As a result of the cyberattack, the pathology department had to resort to using manual systems, but no patient appointments had to be cancelled.

Barts Health NHS Trust is currently carrying out a "serious incident investigation" into the event, with further details to be shared "once this had concluded". Currently, there's no indication as to when the investigation will be complete.

The Barts trust is not the only hospital to be hit with malware recently: an attack against Northern Lincolnshire and Goole NHS Foundation Trust took three hospitals offline in November.

The incident was eventually confirmed to be a Globe2 ransomware attack, which led to the cancellation of 2,800 patient appointments at the NHS Trust.

Hospitals are an appealing target for cybercriminals to attack, not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital.
