The Northern Lincolnshire and Goole NHS Foundation Trust had to shut down their systems forcedly due to a ransomware infection in October. At that time, all the operations were interrupted for a four-day period.
At first, it was believed that the problem was caused by a malware infection spreading via USB. However, the director of strategy and planning at Northern Lincolnshire and Goole NHS Foundation Trust – Pam Clipson, then confirmed that the issue was due to ransomware which infected several systems and forced the security department to shut them down for cleaning.
Usually, ransomware infections involve a ransom which victims should pay to cyber criminals in order to unlock systems. However, Pam Clipson said that the hospital have decided to take the systems offline in order to remove the malware themselves.
According to the officials, the patient safety was a priority and they admitted that approximately 2,800 appointments were canceled because the responsible systems weren’t working.
“Any potentially encrypted servers were checked and cleansed both prior to switching off and before returning to ‘live’ status. The majority of our systems were up and running again within 48 hours,” Clipson stated, adding that an investigation is now under way, so details as to how the hacker breached the systems cannot be shared.
However, Clipson also said, that a USB infection wasn’t the cause of the ransomware outbreak, as it was believed in the beginning.
“We can confirm that recent publicly reported information alleging that access was gained through a USB stick or due to remote working have no grounding in fact. We can assure our patients and other stakeholders that we acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information at this time on the exact steps we have taken,” Clipson concluded.
The systems were infected with Globe2 ransomware, and according the hospital officials, all compromised files were cleaned and the systems were already running normally.