The malware siege of Northern Lincolnshire and Goole NHS: a preview of more? (UK)

By now our UK readers are well aware of the shutdown due to malware starting Sunday 30 Oct, only resolved today, of the Northern Lincolnshire and Goole NHS Trust hospitals: Diana, Princess of Wales; Goole and District; Scunthorpe General.

[grow_thumb image=”×445.png” thumb_width=”300″ /] (NHS website via, click to enlarge)

[grow_thumb image=”” thumb_width=”300″ /] (NHS website, click to enlarge)

It is estimated that it affected approximately 1,000 patients over the three shutdown days. Most patients were diverted to neighboring hospitals, according to The Guardian.

The Health Services Journal (paywalled) broke as an exclusive the NHS‘ high priority warning to providers around the country. Yet it seemed equivocal. According to The Sun, while NHS Digital marked the message as ‘severity: high’ and warned that “… we would like to remind all users of the need for proactive measures to reduce the likelihood of infection and minimise the impacts of any compromise.”, it was tempered with “We have no evidence that this is anything other than a local isolated incident but we will continue to keep health and care organisations informed.” Also according to The Sun, the Department of Health has noted that this has not been the first incident.

As our Readers know, US and Canadian hospitals and healthcare organizations have been subject of late to malware and its latest iteration, ransomware, with a large outbreak this summer. This is now after years of the FBI and others warning of hacking threats, IT experts easily hacking into medical devices, and now the eminently hackable and botnettable IoT [TTA 25 Oct].

A rewarding read for HIT-ers and anyone concerned on both sides of the Atlantic is Brian Krebs’ take on this (Krebsonsecurity). (Don’t miss the 50-odd comments below the article.) He strongly suspects that the ‘malware’ was ransomware, due to the pattern and the target. We should heed this section:

The crippling of NHS’s systems came as U.K. Chancellor Philip Hammond unveiled a national cybersecurity strategy, warning that hostile “foreign actors” were developing techniques that threaten the country’s electrical grid and airports, among other critical infrastructure.

“If we want Britain to be the best place in the world to be a tech business then it is also crucial that Britain is a safe place to do the digital business,” Hammond said Tuesday as he described the National Cyber Security Strategy in London. “Trust in the internet and the infrastructure on which it relies is fundamental to our economic future.”

…which certainly seems to be a dare to any black hats, wherever they may be. Once it starts, it will not stop.

Mr Krebs then follows with the FBI’s and his personal recommendations on best preventative practices.  Also see SC Magazine UK for an in-country security professional’s POV.

Categories: Latest News.