- Barts Health Trust message to staff reveals ransomware virus attack
- Thousands of files believed to have been affected, source says
- Second high profile attack on an NHS trust
The largest NHS hospital trust in England has been infected with a ransomware virus causing it to take its pathology service offline, HSJ can reveal.
A message sent to staff at Barts Health Trust this morning, seen by HSJ, warned the trust was experiencing a “ransomware virus attack issue”, with files affected across the trust’s computer system.
This afternoon, a new message to staff warned that pathology systems at three of the trust’s four east London hospitals – The Royal London, St Bartholomew’s and Newham – were “operating downtime procedures”.
The message said: “While we work to resolve this issue, please only send clinically urgent requests to pathology at these sites.
“We are currently providing an urgent only service until systems are restored.”
A source at the trust told HSJ the attack had affected thousands of files on the trust’s Windows XP and Windows 7 operating systems.
The trust has also turned off the ability for departments to file share data until the situation has been resolved.
In the first email, the trust’s IT department told staff not to access certain files, adding: “The issue is being investigated by our engineers who are working to resolve this as soon as possible.”
The message warned staff they should never open an email attachment without being “absolutely certain” who sent it. It also warned staff of the dangers of clicking email links and websites with disguised internet addresses.
A trust spokesman said: “We are urgently investigating this matter and have taken a number of drives offline as a precautionary measure. We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected.”
The incident follows Northern Lincolnshire and Goole Foundation Trust being hit by a ransomware attack in October from a virus called Globe2, which works by encrypting files with an algorithm to make them inaccessible.
The victims of blackmail ransomware usually receive messages in an attempt to elicit money in order to restore access to the computer system. It is not clear what type of ransomware is affecting Barts.
At the Lincolnshire trust the attack began as a result of phishing emails, which contain malicious website links or attachments that release a virus once activated.
The trust did not pay any ransom as a result of the attack but it did have to cancel 2,800 patient appointments during 48 hours when it shutdown systems.
This story was updated at 2.15pm to reflect new information provided to HSJ.
Message sent to staff seen by HSJ
13 January 2017