Connectivity

Widespread Ransomware Attack Hits U.K. Hospitals

The National Health Service has found data on many of its computers locked up by hackers and may have little choice but to capitulate to demands for cash.

May 12, 2017

Many hospitals around the U.K. have been hit by ransomware, facing them with demands to pay hackers to unlock their data.

The Guardian reports that a number of National Health Service hospitals around England were hit on Friday. The attacks encrypt the data on a computer or network, then lock access until a user has paid a ransom, usually in Bitcoin. Speaking to the newspaper, an IT worker at the NHS reported:

“At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down. A bitcoin virus pop-up message had been introduced onto the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen.”

It’s not clear yet how widespread the hack is, but the Guardian names at least six hospital trusts that have been affected, many of which operate multiple hospitals. Some of those that are affected have been diverting emergency patients to ensure their safety.

It’s by no means the first time hospitals have been targeted by hackers. But these kinds of attacks are particularly troubling because of the way they lock up data using encryption that can’t easily be broken. While problematic when they’re leveled at, say, public transit infrastructure, they’re downright dangerous when targeted at hospitals, because they lock away patient data that could make the difference between life and death.

Keith Martin, who runs the Information Security Group at Royal Holloway, University of London, tells MIT Technology Review that in theory an organization such as the NHS would be able to recover from such an attack by restoring its systems from backups. “However, this could take quite a while, maybe even days, so the interruption could be significant,” he adds.

That also assumes that the organization takes cybersecurity seriously. Martin says that he “would hope that the NHS falls very much into the 'cybersecurity aware' category,” adding that “an organization being less careful about cybersecurity could be in real trouble. Either they take a data loss hit, or they stump up the money.”

Sadly, the NHS doesn’t have a wonderful track record for prizing its cybersecurity. An analysis based on Freedom of Information requests published late last year, for instance, revealed that 90 percent of NHS trusts continue to use Windows XP—an operating system no longer supported by Microsoft, and therefore no longer provided with with security updates.

As a result, affected hospitals may have little choice but to capitulate to the demands of the hackers—as Hollywood Presbyterian Medical Center in Los Angeles was forced to do last year. According to Patrick O’Neill, a reporter at CyberScoop, that appears to be happening already with the NHS. He claims to be watching the Bitcoin wallet that hackers have asked for funds to be deposited into, and he says that several payments have been made so far.

(Read more: Guardian, Inquirer, “With Hospital Ransomware Infections, the Patients Are at Risk,” “Hackers Are Homing In on Hospitals,” “Hospital Forced Back to Pre-Computer Era Shows the Power of Ransomware”)