Tuesday, August 29, 2017

This new strain of ransomware was to blame for hospital cyber-attack

hospital-corridor.jpg

The Bitpaymer ransomware attack meant patients were urged to avoid visiting Accident & Emergency unless it was essential.

Image: iStock

An NHS hospital group which suffered at the hands of May's WannaCry outbreak has fallen victim to another ransomware attack and has been forced to cancel a number of patient appointments as a result.

Malware was detected in NHS Lanarkshire IT systems on Friday 25 August and the cyber attack has since been identified as a new variant of Bitpaymer ransomware.

Like other forms of ransomware, it encrypts files and holds them to ransom in exchange for a Bitcoin payment - although in this case, it's an unusually high fee of 50 Bitcoins -- currently £168,155/$218,000. Those behind Bitpaymer also claim to have gathered "private sensitive data" from their victims and threaten to share it in the event of non-payment.

NHS Lanarkshire employs 12,000 staff across three hospitals Hairmyres, Monklands and Wishaw General Hospital - which provide healthcare services for the population of over 654,000 people in the North and South Lanarkshire regions. That figure makes it the third largest health board in Scotland.

Following the discovery of the infection on a handful number of systems, the hospital board says that IT staff worked over the weekend to secure and reinstate IT systems with the minimal possible disruption, although patients were asked to avoid attending Accident & Emergency unless the need was essential.

"Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems were affected with the majority restored over the weekend and the remainder on Monday," said NHS Lanarkshire chief executive Calum Campbell.

See also: Ransomware: An executive guide to one of the biggest menaces on the web

While almost all the systems that were affected were restored to normal in a relatively short amount of time, a number of patient appointments had to be cancelled, but Lanarkshire assures those affected that they'll receive new dates soon.

"Unfortunately a small number of procedures and appointments were cancelled as a result of the incident. I would like to apologise to anyone who has been affected by this disruption. We immediately started work to reappoint patients to the earliest possible appointments," said Campbell.

NHS Lanarkshire is working with its IT service providers to investigate how the Bitpaymer infection managed to infiltrate its network - although it's likely that as is the case with most forms of ransomware, the payload would've been delivered with a phishing email.

The hospital group says its software and systems were up to date, but as this was a new strain of Bitpaymer, Lanarkshire's security provider has now issued an update to protect against the new strain.

Lanarkshire was one the NHS organisations most disrupted by May's WannaCry outbreak, which happened to particularly infected UK hospitals due to their unfortunate reliance on bespoke software and unsupported Windows operating systems.

However, hospitals are a popular target for ransomware attacks as the perpetrators know that the healthcare sector can't afford to not have access to their networks. Because of this, many cyber criminals will devise campaigns to specifically target hospitals - as demonstrated by recent Defray ransomware attacks.

READ MORE ON CYBER CRIME



from Latest Topic for ZDNet in... http://ift.tt/2iCVFoU

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.