
This article is more than 1 year old

World-leading heart hospital 'very, very lucky' to dodge ransomware hit

Papworth's timely backups saved the day

World-leading Papworth Hospital has escaped a full-on zero-day crypto ransomware attack thanks to the "very, very lucky" timing of its daily backup.

It's believed that an on-duty nurse at the heart and lung hospital in Cambridgeshire, UK, unwittingly clicked on something in an infected email, activating the attack at about 11pm on a Saturday night a few months back.

But the malware did not start encrypting files until after midnight – just after the daily backup had completed, ICT director Jane Berezynskyj has said.

The NHS foundation trust had made recovery plans and recruited experienced staff following earlier attacks, but Berezynskyj said: "We were also very, very lucky. Timing absolutely was everything for us."

Papworth has since moved to hourly incremental backups, using mixed media including tape, given that some attacks target digital backups.

Berezynskyj, speaking at the EHI Live healthcare conference in Birmingham this week, said Papworth was hit by a new variant of crypto software for which there was no remedial software.

"We've got some fairly ancient application architecture so we've got some file-shares, and actually that's what happened to us – a crypto attack went through our file-shares and encrypted the data."

"Thank God for that full backup, then," she added.

"We're pretty certain that when we suffered our ransomware attack, the user concerned navigated away from that screen that said: 'This is a ransomware attack, please pay X amount in bitcoins'," Berezynskyj said, but the person never reported what happened. "One of our key weaknesses is our people and user behaviour," she added, despite a programme of staff education and communication.

The trust's four-person IT team worked from 1am to 9pm on the Sunday, with further work with suppliers on Monday and Tuesday, to recover its systems.

Papworth had not budgeted for such an attack, although Berezynskyj said she had been able to absorb its cost within existing budgets. It did not hit clinical care, but this again was down to timing. "We don't do Sunday operations, so it didn’t affect operating theatres," she said. "If we'd been doing a heart operation on a Sunday, it would have been a huge problem."

Berezynskyj added that she is trying to persuade the trust's financial director to include provision for attack recovery. "It's not if, it's when it's going to happen," she said. "But that dialogue is still evolving, because finance people only like to plan for what's actually going to happen, and I can’t give cast-iron guarantees."

She mentioned research suggesting that each cyber-attack in healthcare costs £80,672-£161,345 (€90,000-€180,000).

Papworth is famous as the centre for the UK's first successful heart transplant in 1979.

Speaking at the same session, Lydia Kostopoulos, a principal consultant for PA Consulting, said an experiment she ran sending benign phishing emails to staff at US hospitals found they were most likely to be clicked on between 11pm and 5am, particularly by nurses on graveyard shifts.

Meanwhile, Northern Lincolnshire and Goole NHS foundation trust is right now recovering from a major incident following a cyber-attack which led it to cancel operations.

A spokesperson for the Goole NHS foundation trust told us today: "There is an ongoing investigation between the Trust, NHS Digital and the police, and while it continues we are not in a position to issue any further information. The Trust’s services are now running as normal." ®
