Ransomware blamed for cyber attack which forced hospitals to cancel operations and shut down systems

2,800 patient operations were cancelled in total, hospital confirms -- but no word on how Globe2 ransomware infection occurred.
Written by Danny Palmer, Senior Writer

Hospiital systems were taken offline afetr being infected with Globe2 ransomware

Getty Images/iStockphoto

An NHS hospital trust which was forced to shut down systems and cancel operations as a result of a cyberattack has revealed that a ransomware infection was the source of the problem.

The cyberattack against Northern Lincolnshire and Goole NHS Foundation Trust took three hospitals offline after what has now been confirmed as a Globe2 ransomware infection. The incident led to the cancellation of 2,800 patient appointments the NHS Trust.

The Northern Lincolnshire and Goole NHS Foundation Trust declared a "major incident" after a "computer virus" infected its systems on Sunday, 30 October and full service didn't resume until Wednesday 2 November.

"Our teams took immediate action upon detection of the attack, minimising its impact. The Trust took the decision to halt routine appointments in order to ensure patient safety while we eradicated the issue," said Pam Clipson, director of strategy and planning at Northern Lincolnshire and Goole NHS Foundation Trust.

"Any potentially encrypted servers were checked and cleansed both prior to switching off and before returning to 'live' status," she said.

In an email to ZDNet, an NHS spokesperson confirmed that no ransom was paid to the perpetrators of the attack in order to restore systems.

Due to the ongoing investigatiion the Trust isn't going into details about how systems became infected with ransomware, but said rumours that the infection came from a USB stick or staff working remotely have "no grounding in fact".

Northern Lincolnshire and Google NHS Foundation Trust said it has "acted swiftly to enhance our existing cyber security" but Clipson said specific information won't be shared "in order to maintain security and support the police investigation".

Globe2 is yet another variant of the booming epidemic of file encrypting ransomware. While the Trust isn't willing to go into details about how their systems became infected, much like other forms of ransomware, Globe2 commonly infects users via the medium of phishing emails containing malicious links.

Hospitals are an appealing target for cybercriminals to infect with ransomware not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital.

Read more on cybercrime

Editorial standards