A New Form Of Ransomware Attacks UK Hospital

An NHS hospital group which suffered at the hands of May's WannaCry outbreak has fallen victim to another ransomware attack and has been forced to cancel a number of patient appointments as a result.

Malware was detected in NHS Lanarkshire IT systems on Friday 25 August and the cyber-attack has since been identified as a new variant of Bitpaymer ransomware.

Like other forms of ransomware, it encrypts files and holds them to ransom in exchange for a Bitcoin payment, although in this case, it's an unusually high fee of 50 Bitcoins, currently £168,155/$218,000. Those behind Bitpaymer also claim to have gathered "private sensitive data" from their victims and threaten to share it in the event of non-payment.

NHS Lanarkshire employs 12,000 staff across three hospitals Hairmyres, Monklands and Wishaw General Hospital, which provide healthcare services for the population of over 654,000 people in the North and South Lanarkshire regions. That figure makes it the third largest health board in Scotland.

Following the discovery of the infection on a handful number of systems, the hospital board says that IT staff worked over the weekend to secure and reinstate IT systems with the minimal possible disruption, although patients were asked to avoid attending Accident & Emergency unless the need was essential.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday 28th August," said NHS Lanarkshire chief executive Calum Campbell.

While almost all the systems that were affected were restored, back to normal, in a relatively short amount of time, a number of patient appointments had to be cancelled, but Lanarkshire assures those affected that they'll receive new dates soon.

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments," said Campbell.

NHS Lanarkshire is working with its IT service providers to investigate how the Bitpaymer infection managed to infiltrate its network - although it's likely that as is the case with most forms of ransomware, the payload would've been delivered with a phishing email.

The hospital group says its software and systems were up to date, but as this was a new strain of Bitpaymer, Lanarkshire's security provider has now issued an update to protect against the new strain.

Lanarkshire was one the NHS organisations most disrupted by the earlier WannaCry outbreak, which happened to particularly infected UK hospitals due to their unfortunate reliance on bespoke software and unsupported Windows operating systems.

However, hospitals are a popular target for ransomware attacks as the perpetrators know that the healthcare sector can't afford to not have access to their networks. Because of this, many cyber criminals will devise campaigns to specifically target hospitals - as demonstrated by recent Defray ransomware attacks.

ZD Net:

You Might Also Read:

Urgent: Investment In NHS Cybersecurity:

How Cybercrime Affects The Healthcare Industry:

« IoT For Business & Creating 'Digital Twins'
AI Attacks Are Just Around The Corner »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Lakeside Software

Lakeside Software

Lakeside Software is how organizations with large, complex IT environments can finally get visibility across their entire digital estates and see how to do more with less.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

Netsparker

Netsparker

Netsparker provide a web application security scanner to automatically find security flaws in your websites, web applications and web services.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

Tata Consultancy Services

Tata Consultancy Services

Tata Consultancy Services is a global leader in IT services, consulting & business solutions including cyber security.

CTM360

CTM360

CTM360 is a unified external security platform offering 24x7x365 Cyber Threat Management for detecting and responding to cyber threats.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).