A Third Of NHS Trusts Targeted By Ransomware Attacks

A Freedom of Information (FOI) request has revealed that 87 NHS Trusts in England, Scotland and Wales – just under 34 percent of the total – have been targeted by ransomware attacks within the last 18 months.

All 260 Trusts responded to the FOI request, submitted by digital workplace firm RES, while 18 claimed exemption to providing information due to data rules around patient safety and four others either had been absorbed by another trust or didn’t hold the relevant information.

The data paints a worrying picture of the prevalence of such attacks targeting the healthcare sector in the UK and is in line with similar research carried out last month when 94 Trusts responded.

NHS security

In England specifically, 79 out of 239 trusts (33 percent) admitted to being targeted by ransomware in the last 12 months, while Scotland had by far the biggest issue with 8 out of 14 NHS trusts (57 percent) attacked.

“Healthcare organisations such as these NHS trusts are a prime target for attackers due to the nature of the data they hold,” said Jason Allaway, RES head of UK and Ireland. “Rather than the purely monetary value of data from many businesses and other sectors, healthcare has long been a top target for ransomware attacks as access to the data they hold can literally be the difference between life or death. Hackers know the hospital will have to pay or risk patients’ wellbeing.

“Education, vigilance and proven technology such as context-aware access controls, comprehensive blacklisting and whitelisting, read-only access, automated deprovisioning and adequate back-up are some of the vital components that need to be put in place by these trusts to both prevent and combat this problem as efficiently as possible.”

The healthcare industry has found itself becoming an increasingly attractive target for cyber criminals. A similar report released in October highlighted the prevalence of ransomware attacks on NHS organisations, before England’s largest NHS Trust suffered a cyber attack of its own.

A combination of poor security training, weak IT security measures and the use of outdated software are making hospitals soft target for attackers, putting operations and patient data at risk.

Silicon has contacted the Department for Health for comment.

Quiz: Test your knowledge of cyber security in 2016!