• Trust warned of vulnerability to computer virus or ransomware attack
  • “End of life infrastructure” likely to fail with catastophic consequences, trust said
  • Windows XP replacement project is not due to be finished until June

A London trust that has been starved of capital investment reported earlier this month that it had been experiencing a “large increase” of ransomware attacks and was replacing outdated IT equipment in response.

St George’s University Hospitals Foundation Trust warned last week of the trust’s vulnerability “to computer virus or attack [ransomware]” – just days before the NHS was hit by a huge cyber attack.

According to May’s risk register, the trust said “[ransomware] infections continue to be reported”.

The document did not state whether any of the attacks had been successful.

The trust is currently denying that any of its IT systems have been affected by the cyber attack which has so far affected at least 16 NHS trusts, as well as other UK organisations.

However at 6pm on 12 May, it issued a statement saying that the trust is “taking proactive steps to reduce the risk of our systems being affected”.

All patients were urged “to continue to use our services – including A&E – wisely…as a precautionary measure.”

In the risk register the trust said that to control the risk of attack it was replacing “more vulnerable” computers that run on the outdated Windows XP operating system, which is widely used throughout the NHS.

The document warned that “new ransomware is created daily and the trust is vulnerable until a security patch has been created by vendor and successfully rolled out over estate”.

A separate section of the risk register said the trust’s failure to maintain and invest in IT for over seven years has left it with an “end of life infrastructure” that “is likely to fail”, with “catastrophic implications” for the trust in terms of corporate and clinical systems failures.

The trust has until recently, been almost wholly dependent on machines running Windows XP, which make the trust’s systems “prone to infection”, the document states. So far, 362 Windows XP machines have been replaced. However the replacement project is not due to be finished until June.

Financially troubled St George’s has widespread problems with its estate and equipment caused by years of underinvestment.

In a statement to HSJ the trust spokesman said: “We are aware of the trust’s IT risks, and have taken steps to reduce the load on our systems, whilst also reducing our vulnerability to viruses and ransomware. We are developing a long-term strategy to deliver improvements to the IT systems our staff currently use.”