Ransomware behind NHS Lanarkshire cyber-attack

Image caption: Services at major sites such as Wishaw General Hospital were disrupted by the cyber-attack

It has been confirmed that ransomware was behind a cyber-attack on a Scottish health board which led to some appointments and procedures being cancelled.

NHS Lanarkshire said it was a new variant of Bitpaymer that infected its network on Friday.

The board said staff worked over the weekend to reinstate IT systems.

Work is ongoing to establish how the malware was able to infiltrate the network without being detected.

The cyber-attack started on Friday. Operations were cancelled and the work of GPs was disrupted.

Analysis from Zoe Kleinman, technology reporter, BBC News

Ransomware is a particularly destructive form of malware that catastrophically struck the NHS earlier this year.

While this new infection is not the notorious WannaCry variation, which caused global chaos, it is yet another demonstration of how disruptive ransomware can be.

What it does is encrypt the data it finds on a host computer so that it can no longer be accessed, and then demands payment, often in Bitcoin, for its release.

Experts recommend resorting to back-up files rather than paying the ransom itself as there's no guarantee that the criminals behind it will keep to their word - but there are many examples of cases where individuals and organisations have chosen to part with their cash.

Most malware travels via phishing emails - something that looks like it's from a trusted source and asks the recipient to click a link. It only takes a moment of being caught off-guard to be taken in.

The best defence is to keep software updated and use anti-virus protection but it can be difficult for large organisations like the NHS to implement this en masse, when complicated, life-saving equipment is running off a network that may not adjust well to even minor tweaks.

NHS Lanarkshire chief executive Calum Campbell said: "We quickly identified the source of the malware and investigations are ongoing as to how this was able to infiltrate our network.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday."

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments."


The health board said it was working with its IT security providers to establish how the malware had infiltrated the network.

A spokesman added: "Our security software and systems were up to date with the latest signature files, but as this was a new malware variant the latest security software was unable to detect it.

"Following analysis of the malware our security providers issued an updated signature so that this variant can now be detected and blocked."

NHS Lanarkshire was one of the worst-hit health authorities in Scotland in the widespread cyber-attacks in May.
