Healthcare organizations can be one of the most rewarding targets for cyber criminals. These organizations hold large amounts of highly valued patient data that can be an ideal source of illicit gains. Barts health trust, which is the largest National Health Service (NHS) trust in England, was hit by what was initially rumored to be ransomware, but turned out to be a Trojan malware attack. The breach resulted in them taking their computer systems offline on Friday. Barts runs five hospitals in east London, those being Whipps Cross, Mile End, Newham, the Royal London, and St. Bartholomew’s.
Barts Effectively Handled the Breach
The trust’s systems were infected by the Trojan malware through a phishing ambush. Barts sent an email to staff members warning against opening email attachments from unknown senders. The trust took quick action against the virus and was able to effectively handle it. According to statement on the trust’s website, “On Friday 13 January 2017 Barts Health discovered and took immediate steps to contain a virus in the Trust’s computers. The virus has been quarantined, and all major clinical systems are now up and running. No patient data was affected, there was no unauthorized access to medical records, and our anti-virus protection has now been updated to prevent any recurrence.” Patient records can be high value targets for cyber criminals due to their selling point on the black market, so it is fortunate that the trust was able to prevent any theft of these.
As a proactive measure in reaction to the attack on Barts, staff at the Royal Free London foundation trust were also warned of opening attachments from foreign senders. Though, according to a spokesperson, Royal Free London, Chase Farm hospitals, and Barnet were not affected by the attack. The cautionary warning to the staff of the these trusts was a smart move, being that other trusts have been attacked in the past as well. In October, the Goole foundation trust, and Lincolnshire were hit with a ransomware attack. The ransom was not paid, but it did result in systems being shut down and patient appointments cancelled so that the ransomware could be removed.
The frequent barrage of attacks against healthcare organizations shows the need for proactive cyber security. While defensive and reactive security will always be necessary, this alone no longer cuts it. Cyber threat intelligence needs to be more widely implemented in the realm of healthcare, as well as other industries. This is what will allow threats and attackers to be predicted, mitigated, and prevented.