A third (30 per cent) of NHS trusts have been infected by ransomware, with one – the Imperial College Healthcare in London – suffering 19 attacks in just 12 months.
According to results of a Freedom of Information-based study, none of the trusts reported paying a ransom or informed law enforcement. All preferred to deal with the attacks internally.
Additionally, of the 15 trusts who were able to provide further information about the origin of the attacks, 87 per cent reported that the attacker gained access through a networked NHS device, with 80 per cent targeted by a phishing scheme.
The figures are based on a Freedom of Information request from cyber security firm SentinelOne, which received responses from 94 of the 129 trusts quizzed.
Ransomware, which encrypts data on compromised devices before demanding a ransom to regain access, has affected a number of hospitals worldwide over recent months. For example, the Hollywood Presbyterian Medical Center in Los Angeles paid cybercriminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.
Tony Rowan, chief security consultant at SentinelOne, commented: "Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching." ®