This new strain of ransomware was to blame for hospital cyberattack

NHS Lanarkshire was forced to take systems offline and cancel appointments after being infected with a new variant of ransomware.
Written by Danny Palmer, Senior Writer

The Bitpaymer ransomware attack meant patients were urged to avoid visiting Accident and Emergency unless it was essential.


An NHS hospital group which suffered in May's WannaCry outbreak has fallen victim to another ransomware attack, and has been forced to cancel a number of patient appointments as a result.

Malware was detected in NHS Lanarkshire IT systems on Friday 25 August and the cyber-attack has since been identified as a new variant of Bitpaymer ransomware.

Like other forms of ransomware, it encrypts files and holds them to ransom in exchange for a bitcoin payment -- although in this case, it's an unusually high fee of 50 bitcoins (around £168,155 or $218,000). Those behind Bitpaymer also claim to have gathered "private sensitive data" from their victims and threaten to share it in the event of non-payment.

NHS Lanarkshire employs 12,000 staff and is responsible for three hospitals -- Hairmyres, Monklands and Wishaw General Hospital. The trust provides healthcare services for a population of over 654,000 people in the North and South Lanarkshire regions, making it the third largest health board in Scotland.

Following the discovery of the infection on a handful of systems, the hospital board says that IT staff worked over the weekend to secure and reinstate IT systems with the minimum possible disruption, although patients were asked to avoid attending Accident and Emergency unless the need was essential.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday," said NHS Lanarkshire chief executive Calum Campbell.


While almost all the systems that were affected were restored to normal in a relatively short amount of time, a number of patient appointments had to be cancelled, but Lanarkshire assures those affected that they'll receive new dates soon.

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments," said Campbell.

NHS Lanarkshire is working with its IT service providers to investigate how the Bitpaymer infection managed to infiltrate its network, although it's likely that, as is the case with most forms of ransomware, the payload would have been delivered with a phishing email.

The trust says its software and systems were up to date, but this was a new strain of Bitpaymer, and NHS Lanarkshire's security provider has now issued an update to protect against it.

Lanarkshire was one of the NHS organisations most disrupted by May's WannaCry outbreak, which particularly infected UK health organisations due to their unfortunate reliance on bespoke software and unsupported Windows operating systems.

However, hospitals are a popular target for ransomware attacks as the perpetrators know that the healthcare sector can't afford not to have access to their networks. Because of this, many cybercriminals will devise campaigns to specifically target hospitals -- as demonstrated by recent Defray ransomware attacks.
