• Northern Lincolnshire and Goole FT confirms it has been hit by a cyber attack
  • The attack is believed to be the first to have caused major service disruption
  • Trust cancels routine operations, outpatient appointments and diagnostics for third day
  • Trust confirms attack just hours after the chancellor announced £1.9bn national cyber security strategy

A struggling acute hospital trust confirmed today it had been targeted by a cyber attack, resulting in it having to close down its computer systems and cancel thousands of appointments.

cyber security

Cyber security

Northern Lincolnshire and Goole Foundation Trust declared a major incident yesterday and said it had taken the decision to shut down the majority of its IT systems after they became infected with a computer virus. Trust deputy chief executive Karen Dunderdale said today it had experienced a cyber attack on Sunday.

It is believed that is the first time that a trust has taken down its IT systems because of a cyber security attack.

HSJ understands that while other attacks of this potential severity have been foiled this is the first to have caused major disruption.

Earlier today, chancellor Philip Hammond announced the government’s new £1.9bn national cyber security strategy.

Routine operations, outpatient appointments and diagnostics except antenatal were cancelled at the trust’s three hospitals in Grimsby, Scunthorpe and Goole on Monday and Tuesday, and cancellations have been extended into Wednesday.

Ms Dunderdale initially said a major incident had been declared because their computer system had been infected by a virus, but this afternoon she confirmed it had been a cyber attack.

She said: “The trust is still working under major incident status following Sunday’s cyber attack.

“On Wednesday all planned operations, outpatient appointments and diagnostic procedures have been cancelled, with a small number of exceptions.

“Patients who have appointments in all other departments, including surgery, should assume their appointment or procedure is cancelled unless they receive a telephone call to say otherwise. All cancelled appointments will be rescheduled as soon as possible.”

A trust spokeswoman said it was investigating the cause of the cyber attack but was currently unable to say who or what was responsible.

It is estimated the incident will have resulted in almost 3,000 appointments and 300 planned operations being cancelled over three days.

The trust said its A&E departments will be open as normal and other services will still be running on Wednesday, including: therapy services; community services; audiology; physiological measurements; chemotherapy; antenatal; paediatrics; immunology; and gynaecology.

Neighbouring trust United Lincolnshire Hospitals Trust said yesterday it was cancelling all planned operations today because it shares four clinical IT systems with Northern Lincolnshire and Goole.

This morning, Mr Hammond said the £1.9bn investment in cyber security over the next five years will not only protect the UK from hackers but allow it to retaliate.

He said: “Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860m in the last parliament, but we must now keep up with the scale and pace of the threats we face.

“Our new strategy, underpinned by £1.9bn of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.”