National Health Service of UK Falls Victim to Malware Once Again

The National Health Service of the UK, or in short, the NHS, has been targeted once again. The victim was the Lanarkshire branch (Scotland) of the NHS which is responsible for the three hospitals which suffered from the attack –Wishaw General Hospital, Hairmyres Hospital, and Monklands Hospital.

How Hospital Staff Reacted

The attack took place on Friday, 25th of August. Due to this strike on the hospitals' servers on the 27th of August, the patients were instructed by Dr. Jane Burns, Medical director, that the health institutions will solely be taking care of the most urgent cases. She continued, saying that if patients ignore the warning and show up at one of the affected hospitals they are very likely to have to endure a very long queue or be sent straight back home until the hospital resolves its malware problem. That is, of course, unless the patient is in a condition that requires immediate attention. In a Facebook post, the Lanarkshire branch of the NHS took to explain the situation to the public. They stated that the malware had infiltrated the hospitals' phones and staff bank system – the system the NHS uses to allocate staff and shifts. The news of a malware infiltration had naturally caused panic and had prevented the institutions from running normally and efficiently.

Calum Campbell, the CEO of NHS Lanarkshire, reported that they're expecting the issue to be resolved in the space of 72 hours. Until then their systems will remain offline as to prevent the malware from spreading and causing even more trouble. Calum Campbell later added that their cyber security provider had been working tirelessly to make sure that the issue is dealt with and NHS Lanarkshire can go back online. The CEO was also quick to offer his apologies to the patients who suffered from the attack and made a promise that their appointments will be scheduled as due.

No Information on The Type of Malware Used

Surprisingly, no data has been released regarding the type of cyber-attack that occurred. However, since it appears that all systems are expected to be restored to their normal functionality, it is safe to assume that the threat in question was not ransomware. While this is undoubtedly good news, it still raises many questions regarding how secure and protected the NHS’ systems are, as well as if the data of their patients is kept in a safe place. The official statement mentions that no data was stolen during the attack, but it might not be long before cyber criminals realize that the poorly secured NHS systems might give them a chance to exfiltrate sensitive information which could be used for all sorts of malicious deeds. Apart from the privacy and security risks, we should not forget that these malware infections may end up even costing lives since they end up impairing the hospital staff's ability to work efficiently.

A Patient's Statement Brings Light to NHS Attack

A person who had scheduled an appointment at a hospital in Hamilton confirmed that receptionists were sending people back home unless it was an emergency case. They also stated that the hospital staff couldn't get a hold of patients' test results and medical notes. The patient also said that the staff was evidently stressed and barely coping, but despite this, they had been helpful.

This isn't the first time that NHS Lanarkshire suffered a cyber-attack. Back in May, there was a particularly nasty malware that targeted the NHS – WannaCrypt Ransomware. It quickly spread across many NHS hospitals across the UK and demanded $300 in BTC to unlock a single encrypted computer. Government institutions are often targeted by hackers as they tend to neglect to update their systems to the newest software as the costs are high, and are thus more vulnerable to cyber-attacks.