Exclusive: Computer attack could hit more hospitals, officials warn

Northern Lincolnshire and Goole Foundation Trust was forced to cancel thousands of operations after a virus infected its IT systems, which it has said was a result of a “cyber attack”. It has cancelled routine operations, outpatient appointments and diagnostics except antenatal at its three hospitals in Grimsby, Scunthorpe and Goole.

The cyber security team at NHS Digital, the national IT agency, sent a message yesterday to relevant teams in all NHS providers. It warned trusts of a “potential threat to your organisation”. The message was marked “severity: high”.

The email, sent on Monday afternoon and seen by HSJ, said: “Recent media coverage has identified a trust infected with a virus, resulting in the delay of outpatient appointments and certain surgical procedures.

“Following this infection in an NHS trust, we would like to remind all users of the need for proactive measures to reduce the likelihood of infection and minimise the impacts of any compromise.”

It warned trusts to “maintain a strong network perimeter… prevent default or weak passwords being used [and] consider implementing network security tools such as Intrusion Detection and Intrusion Prevention”.

The trust, responding to HSJ, said the problem was a ”localised issue and has had a an impact on just one other local trust [United Lincolnshire Hospitals Trust], with whom we share a system”.

One senior trust IT manager told HSJ: “We don’t know what the virus is or what we can do to protect ourselves.

“We are worried that the people who attacked North Lincolnshire trust might do the same to us. Normally it isn’t just a one-off. Usually we all get hit, it all just populates each trust.”

The source expressed surprise that NHS Digital has not offered more guidance.

“Last time we had a day zero event NHS Digital sent an email out to every single trust via the chief executive. You had to acknowledge you had seen it and you had to give an action plan back. In this instance we don’t know what virus is or what to do to protect ourselves.

“All we can do is do extra monitoring, looking for any unusual patterns, anybody trying to get into our systems, anyone accessing something they shouldn’t. But unless you know what you are looking for it’s hard.”

HSJ understands that NHS Digital has not sent out full details of the virus affecting North Lincolonshire and Goole because it has not yet been on site and completely verified the causes.

NHS Digital told HSJ in a statement: “We have made contact with [North Lincolonshire and Goole] to offer support; they remain data controllers and they have informed us that they are taking steps to resolve the situation. We will continue to offer support and guidance as requested.

“This issue highlights the fact that there are threats to data security within the health and care, as with any other sector. We remain committed to supporting the protection of data with the highest possible security standards, high levels of security expertise from the centre and appropriate training and awareness of the risks for all staff.”

A spokeswoman for the trust said: “The trust has been in regular communication with NHS Digital and we have been working alongside a CESG approved provider from an early stage.

“Trust systems and processes detected a problem late evening Sunday 30 October and we declared a major incident on Monday 31 October. This is a localised issue and has had a an impact on just one other local trust [United Lincolnshire Hospitals Trust], with whom we share a system.”