A New Form Of Ransomware Attacks UK Hospital

An NHS hospital group which suffered at the hands of May's WannaCry outbreak has fallen victim to another ransomware attack and has been forced to cancel a number of patient appointments as a result.

Malware was detected in NHS Lanarkshire IT systems on Friday 25 August and the cyber-attack has since been identified as a new variant of Bitpaymer ransomware.

Like other forms of ransomware, it encrypts files and holds them to ransom in exchange for a Bitcoin payment, although in this case, it's an unusually high fee of 50 Bitcoins, currently £168,155/$218,000. Those behind Bitpaymer also claim to have gathered "private sensitive data" from their victims and threaten to share it in the event of non-payment.

NHS Lanarkshire employs 12,000 staff across three hospitals Hairmyres, Monklands and Wishaw General Hospital, which provide healthcare services for the population of over 654,000 people in the North and South Lanarkshire regions. That figure makes it the third largest health board in Scotland.

Following the discovery of the infection on a handful number of systems, the hospital board says that IT staff worked over the weekend to secure and reinstate IT systems with the minimal possible disruption, although patients were asked to avoid attending Accident & Emergency unless the need was essential.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday 28th August," said NHS Lanarkshire chief executive Calum Campbell.

While almost all the systems that were affected were restored, back to normal, in a relatively short amount of time, a number of patient appointments had to be cancelled, but Lanarkshire assures those affected that they'll receive new dates soon.

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments," said Campbell.

NHS Lanarkshire is working with its IT service providers to investigate how the Bitpaymer infection managed to infiltrate its network - although it's likely that as is the case with most forms of ransomware, the payload would've been delivered with a phishing email.

The hospital group says its software and systems were up to date, but as this was a new strain of Bitpaymer, Lanarkshire's security provider has now issued an update to protect against the new strain.

Lanarkshire was one the NHS organisations most disrupted by the earlier WannaCry outbreak, which happened to particularly infected UK hospitals due to their unfortunate reliance on bespoke software and unsupported Windows operating systems.

However, hospitals are a popular target for ransomware attacks as the perpetrators know that the healthcare sector can't afford to not have access to their networks. Because of this, many cyber criminals will devise campaigns to specifically target hospitals - as demonstrated by recent Defray ransomware attacks.

ZD Net:

You Might Also Read:

Urgent: Investment In NHS Cybersecurity:

How Cybercrime Affects The Healthcare Industry:

« IoT For Business & Creating 'Digital Twins'
AI Attacks Are Just Around The Corner »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

CyberGuru

CyberGuru

CyberGuru is a service provided by CyberSecurity Malaysia specializing in cyber security professional training and development.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Cyberstarts

Cyberstarts

Cyberstarts’ vision is to become the leading platform for amazing teams of entrepreneurs to solve the next big problems of the cybersecurity world.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Spin Technology

Spin Technology

SpinOne is a SaaS data protection platform designed to monitor, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.